The GDPR's transparency obligations are difficult but not impossible
Thursday 11 April 2019: The EU GDPR is one of the most significant changes in privacy in the past two decades, and companies need to fully understand its implications, according to ICAEW. In its new guide, Data Protection and Transparency, ICAEW explains the transparency principle of the GDPR and gives essential guidance on how to comply with its requirements.
The EU General Data Protection Regulation (GDPR) is a comprehensive overhaul of how personal data must be handled by all organisations. This guide summarises the regulation’s transparency obligations, the exceptions available under GDPR and the Data Protection Act 2018 (DPA 2018), and provides a practical interpretation in the form of various examples. It is part of a series of ICAEW guides that aim to explain some of the new or more difficult concepts introduced by the GDPR and DPA 2018. Despite its focus on ICAEW members, it gives essential guidance for anyone who has day-to-day responsibility for data protection and wishes to understand their obligations under the GDPR and DPA 2018.
Jane Berney, ICAEW Business Law Manager, said: “The GDPR has reshaped the way in which all organisations must manage personal data, from healthcare to banking and beyond. It sets a high standard for personal data protection, imposes new and enhanced obligations on those handling personal data, extends the rights of data subjects over their personal data and provides for a much more punitive enforcement regime.”
“Transparency is a key principle of the GDPR. Everyone who handles personal data must implement appropriate technical and organisational measures to ensure data security and must show that personal data is processed in a transparent manner. For some professional services, such as audit, corporate finance or consulting, this may appear to be unworkable or even not feasible in some circumstances. Client confidentiality, for example, would seem to be at odds with the principle of transparency but our members need to be able to navigate their way through this if they are to adhere to the GDPR and avoid hefty fines. Therefore, a good understanding and familiarity with the GDPR, its expectations and exceptions is essential.”
The guide, Transparency, is available here.