This month we are relaunching our corporate blog, which we launched to discuss developments in the private security industry and to provide further insight and opinion on our work.
To kick-start our blog again, our Chair, Elizabeth France, is talking about the upcoming changes to data protection law and the opportunity this gives the private security industry.
We hope you will engage in an on-going discussion with us; provide comments and share your opinions.
Tomorrow (Friday 25 May), the General Data Protection Regulation (GDPR) comes into force; it is the first time in 20 years that this legislation has been updated. The principles will be familiar to those of you who were complying with the 1998 Act but it recognises the increased damage which can be done, with the changes in technology, when personal information is not processed as it should be.
You all have your personal data processed by others. If we are processing information about you then I want you to have confidence that we are doing so in accordance with the law. We have been working hard to make the changes necessary to ensure you know what we do with your information. We are ready to deal with any requests for that information (the time scales for meeting individual subject access requests are tighter under the new law), we have provided training for all our staff and we have appointed a Data Protection Officer, whose details are on our website.
If you process information about individuals, perhaps as a security industry employer, what have you done? If you are a small business the changes you have to make may not be huge if you were complying fully with the 1998 Act. What should you do? My suggestion would be that you go to the Information Commissioner’s website (www.ico.org.uk) and start by looking at the helpful guidance: Preparing for the GDPR: 12 steps to take now.
Have you got a lawful basis for processing the personal data you hold? Who in your organisation is responsible for your compliance? Did you know that fines for breaches can now be up to 20,000,000 Euros or 4% of turnover?
Data protection rules can sometimes be used as an excuse for not thinking about how we manage information; it is easier to say we cannot share, for example, than to consider how we might do so lawfully. This is an opportunity for us all to take stock. To think about what we hold and why we need to keep it, to make sure we have told those whose information we collect just what we are doing with it.
If you have queries or concerns about the way we are processing personal data, please let us know; our privacy notice is available here for your use. As a Regulator we are well aware that there are many of you who have to give us the information we ask for; you have no choice. That places a particular obligation on us to earn your confidence, and to show not just compliance with the letter of the law but a respect for the information you entrust to us.