The main differences between the Data Protection Act and the GDPR...
- Gerard Conway
- Oct 26, 2017
- 2 min read

Don’t delay as you will almost certainly have to make changes!
The GDPR will be enforced from 25 May 2018. UK organisations that process the
personal data of EU residents have only a short time to ensure that they are compliant.
Introduced to keep pace with the modern digital landscape, the GDPR is more extensive
in scope and application than the current Data Protection Act (DPA). The Regulation
extends the data rights of individuals, and requires organisations to develop clear policies
and procedures to protect personal data, and adopt appropriate technical and organisational
measures.
Key changes
1. The definition of personal data is broader, bringing more data into the regulated perimeter
2. Consent will be necessary for processing children’s data
3. The rules for obtaining valid consent have been changed
4. The appointment of a data protection officer (DPO) will be mandatory for dental practices
5. Mandatory data protection impact assessments have been introduced and need to be used on each process area within the practice
6. There are new requirements for data breach notifications
7. Data subjects have the right to be forgotten
8. There are new restrictions on international data transfers
9. Data processors share responsibility for protecting personal data
10. There are new requirements for data portability
11. Processes must be built on the principle of privacy by design
Penalties under the GDPR
The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater.
Fines of this scale could very easily lead to business insolvency.
How can Cahoots help?
Contact us and we will go into the implications and responsibilities in more detail.