The Data Protection Act 1998 is being updated on 25 May 2018 to the General Data Protection Regulation legislation, which is a Europe wide piece of legislation that the UK has chosen to adopt in full.
- The data subject needs to have a better understanding of how an organisation will be using their data
- Explicit consent for data use must be provided
- Parental consent will be needed for processing any data related to a child or young person
- The rights of the data subject are strengthening, including the ‘right to be forgotten’. This requires the company to delete all traces of the data subject from all systems
- The role of the Information Commissioners Office (ICO) will increase significantly in terms of possible sanctions of non-compliance from organisations
NCVO has a set of resources designed around GDPR, which you can access on their website.