Latest insights from our experts
The General Data Protection Regulation (“GDPR”)
The new General Data Protection Regulation (“the GDPR”) which governs how data is held and processed comes into force on 25 May 2018.
Most parks will process personal information and will be able to continue to do so under one of the six legal bases provided. Decisions should be documented so the legal basis used can be demonstrated to the Information Commission Officer (“ICO”) if necessary.
The six legal bases are:
- Consent of the data subject
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
- Processing is necessary for compliance with a legal obligation
- Processing is necessary to protect the vital interests of a data subject or another person
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
Compliance will be imperative given that the ICO will be able to levy significantly increased fines.
Further information on key changes can be found here: GDPR Document