Policy News Journal - 2017-18

positive attitude and commitment towards data management and protection

is accountable for compliance. A Data Protection Officer is required for public organisations and organisations that deal with large-scale processing of personal data, to be responsible for data protection compliance.

Further requirements for data subjects include:

Right of access (similar to SAR)

Right to restrict data

Right to be forgotten

Tighter compliance timescales

Tough penalties for non-compliance

All processes and procedures in place to manage personal data access must be robust and measurable.

Data Subject Management

Processes must be in place for Subject Access Requests (SARs).

Access Control

All processes and procedures in place to manage personal data access must be robust

ICO 12 steps

To help prepare for the GDPR, the Information Commissioner’s Office has produced a downloadable booklet titled Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now. The booklet goes into more detail of the process to use and the questions that should be asked. It advises on where procedures should be set up, and for what purpose, and warns of the consequences of non-compliance with the regulations.

CIPP training course

Many of the principles of the UK’s DPA will remain when the UK implements the GDPR on 25 May 2018. The GDPR takes data protection further, with a change in emphasis from ‘best practice’ to ‘requirements’, greater consent from individuals, new rights such as the right to be forgotten, and other significant changes.

Payroll and HR data, procedures and systems will be directly affected, including where third party software or service providers are involved.

The CIPP course helps delegates understand and prepare for the changes, including how they affect payroll and HR functions, so that they can help their organisations become fully compliant by May 2018.

Full details can be found under Payroll Training on the CIPP website.

CIPP comment

Our latest Quick Poll asks whether you have begun any data preparation or have a plan in place to start, and also whether you have even heard of GDPR; maybe you have but think it doesn’t apply to your organisation.

Please take a moment to complete our CIPP Poll (on the right of this and every news item on the news pages of our website).


A fifth of adults polled will request data from employers under new data protection regulation

21 July 2017

21% of consumers said they will ask for personal data to be removed from current or previous employers, and 22% said they would request access to their personal data.

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. Many of the principles of the UK’s Data Protection Act 1998 (DPA) will remain when the UK implements GDPR. The new Regulation takes data protection further, with a change in emphasis from ‘best practice’ to ‘requirements’, greater consent from individuals, new rights such as the right to be forgotten, and other significant changes.

The Chartered Institute of Payroll Professionals


cipp.org.uk
