General Data Protection Regulations (GDPR)
From 25th May 2018, new guidelines about how organisations deal with personal data come into effect. Taking over from the old data protection guidelines, the General Data Protection Regulations, or GDPR, will be more stringent, ensure more accountability for organisations deadline with data, and ask for more reliable data protection processes to be in place. The new guidelines require organisations to process personal data
1. Lawfully (with explicit consent, in the public interest etc.)
2. Transparently (ensuring that the individual knows what will happen to the data and why they are giving consent)
3. For a specific purpose and once that purpose is fulfilled, the data should be deleted.
In practice, this means that any organisations who handle data, will need to ensure that they are clear on:
a) how they ensure they have consent to hold data (and this can no longer be through not checking a box for example)
b) how they will process and hold the data to ensure it is managed in accordance with the guidelines
c) how they will remove the data from all of their records should a request by an individual be made
There is a lot of information available at the moment to help support organisations get to grips with the new legislation and put into place suitable processes which support their data protection handling, if not in place already.
For a general overview of the GDPR, a clear description of what is involved and practical links to support implementation of the new regulations, the Local Government Association (LGA) have drawn together a range of supporting information:
In addition, the Association of Independent Museums (AIM), has produced a guide specifically for those working with collections, which supports an understanding of how GDPR can be adopted: