Blog: 365 days until the new General Data Protection Regulation: Is your RSL ready?
One year from today, the new General Data Protection Regulation will come into force. It will make radical changes to how RSLs collect and process personal data about their tenants, staff, service providers and contractors. RSLs are advised to start taking steps towards compliance now and develop action plans to prepare themselves for when the clock strikes midnight on 25 May 2018.
What is the Regulation?
The Regulation is the most significant change to Data Protection law in over two decades. The current Data Protection Act 1998 (DPA) is based on an EU Directive that started out life in 1990, at a time when data processing systems and networks were not as advanced or as complex as what we have today. Indeed, the consumer Internet, as we know it today, did not exist. The Regulation will impose a universal standard of Data Protection across the EU, fit for the information age in which we live.
While the outcome of the referendum last year was that the UK will leave its membership of the EU, this is unlikely to happen until 2019 at the earliest. Until then, the UK must comply with and give effect to EU law, including the Regulation.
What will the Regulation do?
The Regulation is a complex legal instrument and imposes higher standards of Data Protection law across the EU. Some of the most significant changes to the law include:
What should RSLs do now?
I have been involved in advising many RSLs on preparing for the Regulation, and I have suggested that they first develop a Regulation compliance action plan by taking the following preparatory steps: