The EU’s General Data Protection Regulation (GDPR), which came into force on May 25th, brings with it significant changes, including increased rights for individuals, along with new obligations and penalties for organisations.
Under the GDPR, organisations will be obliged by law to adopt data privacy by design (DPBD). This means you have a general obligation to implement technical and organisational measures to show you have considered and integrated data protection into all processing activities from the outset rather than as a bolt-on.
This needs to be considered when you build new IT systems for storing or accessing the personal data of your tenants, employees or contractors, as well as when developing policy or strategies with privacy implications, embarking on a data sharing initiative, or using data for new purposes.
This is privacy by design, something long recognised as good practice.
For housing associations, complying with a DPBD approach may involve making widespread changes to systems and processes, as Colin Sales, 3C Consultants’ Managing Director, explains in this video:
For instance, landlords will need to understand and consider data protection in all their new projects and technology implementations. They will have to demonstrate that they have considered the impact of such projects on individuals.
Some may need to build new IT systems for storing and accessing personal data to meet the new regulation.
Although arduous, taking a DPBD approach has significant benefits for organisations, according to the Information Commissioner’s Office (ICO). The ICO is the independent body responsible for upholding information rights and enforcing the GDPR. DPBD is an essential tool in minimising privacy risks and building trust, says the ICO. It can lead to benefits such as being able to identify potential data-related problems at an early stage, which makes them easier and less costly to address. It also helps to promote awareness of privacy and data protection throughout your organisation.
Organisations that use privacy by design are more likely to meet their legal obligations and less likely to breach the Data Protection Act (1998) or the GDPR. Their actions are less likely to intrude on individuals’ privacy.
If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.