Principle 1: Data must be processed lawfully, fairly and in a transparent manner in relation to individuals
GDPR seeks to ensure that personal data is processed ‘lawfully, fairly and transparently’ in relation to individuals, without adversely affecting the rights of a data subject. Transparency is a key theme running through GDPR but what does this really mean and how can compliance be demonstrated? It’s actually pretty simple if you think of personal data as only being on loan to you from the data subject. Take the same kind of care with their data as you would if you were borrowing a friend’s car, for example. And remember at any time they can ask for it back, check you are using it properly and importantly remember that they retain control over what you do with it.
The legislation requires that you make available a privacy notice at the time you are collecting an individual’s data. Make sure any notice is fit for purpose and sets out in clear, unambiguous language how you collect data, what kind of data you are collecting, why it is being collected , how long it is kept for, whether or not it is passed on to third parties and explain the data subject’s rights, including their right to withdraw their consent and their right to lodge a complaint and, importantly, how they can contact you. Now is not the time for jargon and it is important to be explicit and say exactly what you mean! It’s also obviously important to mean what you say, so ensuring that robust data handling policies are in place but are also understood, embraced and adopted throughout your business will stand you in good stead.
In terms of the lawfulness of processing personal data, most organisations will rely on the ground of consent. Any consent you seek to rely on must be freely given, specific, informed and unambiguous so pre-ticked boxes for example, are no longer an acceptable way of obtaining consent. Any existing consents must be brought into line with GDPR so if you are in any doubt, obtain new consents and keep clear records showing you have done so. Of course, consent is not the only legal basis to rely on but whichever you opt for, in the spirit of being fair and transparent, it must be clearly identified in your GDPR documents and privacy notice. Overall, the main things to remember are that you
must tell people what you are doing with their data and ask their permission to do it. And never assume an individual’s consent from their failure to respond!
Next week part two: The purposes for which data may be collected under GDPR….don’t miss it!
To consult with Jessica, please submit an enquiry for a free 15-minute consultation or call our dedicated GDPR Hotline 0845 241 1843.
In addition to GDPR templates the package contains a 30 minute GDPR audit consultation and an additonal 2 hours of specific GDPR legal advce all for only £495 + VAT (versus £675 + VAT)
How LawBite works LawBite GDPR Rescue Package
Read our latest blog posts on GDPR, featuring all the latest legal news, analysis and opinion from our expert lawyers.
- By Lawbite Team
- November 16, 2020
The supervisory authority for GDPR compliance, the Information Commissioner's Office (ICO), has recently published its decision to fine British Air...
- By Lawbite Team
- March 26, 2020
Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...
- By Lawbite Team
- March 19, 2020
Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ con...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.