New data protection legislation - how this might affect IVA's

Get expert opinion. This is the place for new questions to be posted.
1 post Page 1 of 1
Posts: 139
by redboxtree » Wed Jan 10, 2018 5:27 pm
The law is changing - out with the old Data Protection Act 1998 and in the with new data protection legislation that has to be in place between now and 25/05/18.

The changes are happening across the EU to harmonise data subject rights and to reflect that the world is very different from 1998.

Some of the key changes that IVA companies will have to implement:

- They will have 1 calendar month (rather than 40 calendar days) in which to respond to any request for a copy of the information they hold about you AND they will not be able to charge for giving it to you

- Any organisation involved in a data breach or failure to implement the new legislation correctly will possibly be fined up to 20m euros or 4% of their annual turnover (whichever is the greatest)

- Failure to report data breaches or notify data subjects of a breach will be subject to the fine regime. Gone will be the days where they just gloss over mistakes by saying "it was one of those things"

- Due to the sensitivity of the data they hold about you it is likely that IVA companies will need to appoint a Data Protection Officer. That person and their role MUST be advertised and MUST be the first point of contact for the Information Commissioner or anyone who has a complaint about how they have handled their data

- IVA companies will need to legally justify why they collect information about you and justify data collection activities

Oh - that also means that how they market services, use of text, email and the reasons why they have contacted you is changing. The current PECR requirements are being changed at the same time and the fine regime will reflect the new data protection act.

They also need to be really clear on consent because under the new legislation there is no such concept as implied consent (nothing can be implied) and data sharing activities around sharing your information with "selected companies" will have to be a lot more upfront.

Legal basis wil be everything and if IVA companies and their IP's do not understand that they wil find that the legislation that they base their activities on will not stand up to scrutiny (and that is 30 years old and therefore even more reflective of a world that no longer exists).
1 post Page 1 of 1
Return to “Ask IVA Forum and Industry experts”

Who is online

Users browsing this forum: No registered users and 24 guests