General Data Protection Regulation

Key changes

The new requirements include key changes for Runnymede Council. From May 2018

  • The council will have to show how it has complied with the new law

  • Penalties will be significantly increased for any breach of the regulation - not just data breaches

  • Security breach notifications will be a legal requirement - to be notified within 72 hours

  • Charges will be removed in most cases for provision of records to residents, staff or service users who request them. Our council will have to waive the current £10 fee by 25 May 2018

  • Runnymede Council will be required to keep records of data-processing activities

  • High-risk processing will require a data protection impact assessment

  • Data protection issues must be addressed in all information processes

  • There will be specific requirements for transparency and fair processing 

  • There will be tighter rules where consent is the basis for processing

  • Retention and the 'right to be forgotten'; the council must inform subjects on collection of the timeframe data will be retained

  • Should the data subject subsequently wish to have their data removed, and the data is no longer required for the reasons it was collected, it must be erased.