Friday 3rd January 2025
Twitter Facebook Twitter LinkedIn RSS

Comsure operates in:the UK, Jersey, Guernsey

GDPR and Privacy notices and some immediate steps

INTRO

  1. One of the most noticeable changes that organisations will see in their day-to-day handling of personal data is the new requirement to provide ‘privacy notices’.
  2. Where the data controller obtains the personal data directly from the data subject, the data controller will need to provide the notice at the time the personal data is collected, which in most cases will be at the start of the relationship, be it an employment or commercial relationship.
  3. Where the personal data are not obtained from the data subject, special rules as to the timing of the provision of the specific information apply.

WHAT INFO

  1. Privacy notices need to set out a range of information, including (but not limited to)
    1. the purposes and bases for the processing,
    2. details on transfers outside the jurisdiction, and
    3. certain details about the data protection officer (if any) and data controller as applicable.
  2. Other information to be provided include
    1. the right to make complaints,
    2. the ability to withdraw consents provided, and
    3. information about how long the data is to be stored or the criteria to determine storage periods.
  3. The required content for the notices is likely to vary slightly across jurisdictions so organisations will need to ensure that they consider all relevant legislation.

EXISTING INFO

  1. Given that the new legislation will commence in the context of existing employment and commercial relationships, an immediate question is what to do about existing employees, customers and suppliers, etc.
  2. There is potential to rely on transitional provisions in Jersey (valid to May 2019) where specified information was provided under the existing Data Protection Law.
  3. However, it would be prudent for controllers to check whether the specified information has been provided and, if not, ensure that existing data subjects are provided with a privacy notice to take effect on or around the implementation of GDPR.

TO DO KEY ACTIONS

  1. Prepare a privacy notice that complies with the GDPR requirements, considering the purpose and basis for processing personal data in your organisation. Ensure the notice is tailored for particular groups of recipients as appropriate, depending on how the data is to be used.
  2. Determine the method by which the privacy notice will be brought to the attention of relevant data subjects and consider how existing individuals should receive the notice on commencement of GDPR.
  3. Check the respective requirements for privacy notices in your applicable jurisdiction(s) and tailor the notice accordingly.
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

January 22, 2018 < Back
WP2Social Auto Publish Powered By : XYZScripts.com