The Data Protection Act is being replaced by the General Data Protection Regulation (the GDPR), which is harmonising data protection law across Europe and is expected to become law in Spring 2016. All organisations dealing with personal data will be required to comply with the GDPR by Spring 2018.
The new regulations will bring a number of important changes to the way data protection is managed. One of these is the principle of “Privacy by Design and Default”.
What does it mean?
This means that all organisations involved in developing and designing applications, services and products used to process personal information must ensure they take account of data protection. This applies at the start of the process and at all relevant stages of the development. It also applies to organisations purchasing such a system, who should check that it meets these requirements.
What do I have to do to comply?
The GDPR gives some examples of measures that should be taken to meet these requirements:
- Minimising the information that you process.
- Pseudonymising information (see below).
- Being transparent about what you do with the information.
- Allowing the data subject to monitor data processing.
- Allowing the organisation processing the information to create and improve security features.
An organisation should start with these measures, but can always implement additional features where it considers them necessary. It should consider the type of information that it processes, how it processes it, and what security measures are currently available to best protect that information.
What help will I get?
By the time the GDPR comes into force, it is intended that certified schemes will be available in the UK in which organisations can participate to show compliance with these requirements.
What is Pseudonymising?
“Pseudonymising” is a method where an organisation holds information that on its own does not identify a particular individual, but which, when combined with additional information held securely and separately, can identify an individual.
Where can I get specialist advice on this and other matters?
As experts in data protection law, Probert Legal can help you steer a path through the new legislation and ensure that your systems and procedures are robust.
For further information, please contact Tracey Wakelam on firstname.lastname@example.org