GDPR - Protecting Personal Data

Although a pre GDPR data breach, Dixons announced on 31st July 2018 an update to the breach they identified in June. When initially announced on 13th June, it was 1.2 million customer records involved, but with further investigation the breach now looks to have affected approximately 10 million records.

I'm currently in discussion with Scottish Rugby about their privacy policy in relation to their new player registration system . In the past, for a person to play in a Scottish Rugby run competition, that person had to be registered on the SRU player registration system.  Player registrations were administered by the Club that player played with, with each Club being a independant organisation, all of whom are Members / mutual stakeholders in the Union.  All rugby union games in Scotland are governed by Scottish Rugby rules, regulations and bye-laws. From 25th May, a new player registration was introduced, which Clubs will still administer, but it also gives players direct access to their record.  The first stage of implementing the new system is for the individual player to confirm their record by logging into the system, firstly accepting the SRUs privacy policy.

There are many businesses selling their services to help you with the compliance side of GDPR, and as part of their marketing they're producing a fair bit of content about what GDPR.  Now we're not necessarily encouraging you to pay for their services, but it would be impolite not to make use of the free stuff they're putting out there.

An American view of GDPR , and how it might affect not just EU based organisations, but any organisation that has dealings with EU citizens. Even if you are not American based, the article from Educause is well worth a read as it highlights a number of key points. Read the full article from Educause .

Property Industry Eye has produced a mini-series of "plain English" articles on implementing GDPR. It comes in three parts and includes: Part 1 - Your role and responsibilities Part 2 - Consumer Rights & Data Breaches Part 3 - Marketing Processes

On 24th January, the European Commission produced a progress report on the implementation of the General Data Protection Regulation across Europe which comes into effect on 25th May 2018. Titled the " Commission guidance on the direct application of the General Data Protection Regulation ", they call for "all concerned actors to intensify the ongoing work to ensure the consistent application and interpretation of the new rules across the EU and to raise awareness among businesses and citizens".

Prior to the dawning of 2018, Jisc held a conference in London offering practical guidance from a variety of speakers and GDPR specialists to further education colleges and higher education institutions.