What is the new “British data protection system” and how to prepare for new rules
At a recent conference, the government signalled its intent to replace the current UK GDPR (General Data Protection Regulation) with a new British data protection system. The Data Protection Act 2018 is the UK’s implementation of the GDPR.
The Data Protection Act 2018 and the EU GDPR changed the way companies collect, process and protect the personal information of UK and EU citizens. A key consideration in any change is the UK’s data adequacy status in the EU. This is of considerable concern to marketers since the government announced its intention to reform data laws. Data adequacy is a status given by the EU to non-members deemed to have an adequate data protection regime, which then allows information to pass freely between countries.
Why change?
The change is being driven by a desire to cut red tape and simplify privacy regulation. Michelle Donelan, the Secretary of State for Digital, Culture, Media and Sport, stated that the current EU GDPR is “limiting the potential of our businesses”, and “Our plan will protect consumer privacy and keep their data safe while retaining our data adequacy so that businesses can of course trade freely.”
How will it change?
While there are no concrete details about what the “new” data protection laws will look like, the government has promised that they will be simpler and clearer for businesses to navigate. We also know the European Commission will be monitoring developments in the UK on an ongoing basis to ensure that the UK continues to provide an adequate level of data protection. There will be a fine balancing act to reconcile inconsistent privacy laws, align with business interests, keep consumers safe, and meet data adequacy provisions. This will not be an easy task.
Data privacy compliance – key steps
Here are some key steps that can help when new regulations come into effect. Every data privacy compliance plan should include the following steps:
- Raise awareness across the enterprise. Monitor best practices, provide training, and create a privacy-by-design culture across your organisation. Employees need to understand the regulations, how they will impact your business, and where to go for answers when there are concerns.
- Data inventory. You will need to create a data map demonstrating how information is collected, processed, stored, and transferred. Identify all places where data may be held including suppliers, contractors and sub-processors as well as your internal IT infrastructure.
- Risk – perform gap analysis. Identify areas of risk by reviewing your data inventory and any gaps you may have in compliance with data privacy requirements. Remember to include suppliers and any sub-processors of data for current and future risk of non-compliance.
- Put a plan together. Develop a plan to address potential compliance gaps, and ongoing monitoring of your policies and procedures.
- Monitor compliance. You have to ensure controls put in place are effective by periodically monitoring and improving your processes.
- Data champion. Assign the role of data privacy champion to monitor and report on your progress. Depending on regulations, there may be a requirement to designate a Data Protection Officer (DPO). We will need to see what new regulations mandate.
How ComplyPortal can Help
ComplyPortal is designed by compliance specialists to simplify your Regulatory Compliance Management on an easy-to-use cloud-based platform. Keep staff updated on new policies and procedures by assigning policies for attestation and creating periodic monitoring tasks to ensure data privacy controls are effective. Log incidents and actions taken, keeping a full audit trail of the company's response. Identify new risks, add them to the risk log, assign controls, and keep track of inherent and residual risks. ComplyPortal provides a central location to help you manage your compliance monitoring tasks.
ComplyPortal can help with your firm’s data protection and so much more.
Find out more about how the ComplyPortal platform can help firms adapt to new regulatory expectations at: https://complyportal.uk/modules
About ComplyPortal:
First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.
ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:
- Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
- Registers: lists controlled by the Compliance officer, but easy for staff to view.
- Risk: map and control risk areas to effectively identify and manage risk for your firm.
- eKYC solution: perform comprehensive searches, including client identity verification, document authenticity, and more for a comprehensive KYC and AML approach.