The IPA has today (14th December) launched its GDPR Best Practice Principles to help IPA member agencies become GDPR compliant in readiness for 25 May 2018.
The Principles contain a set of six rules summarising some of the key obligations imposed by the GDPR that agencies will need to meet when handling personal data for clients as ‘processors’ under the new law.
The IPA has also produced Guidance which should further assist agencies in understanding how to comply with the Principles and which gives more detail on the obligations on processors under the GDPR. .The six Principles are:
Says Richard Lindsay, Director of Legal & Public Affairs, IPA; ”The various obligations on businesses when acting as data processors are scattered throughout the GDPR. They are hard enough to find, let alone understand and implement. I hope that by gathering some of the key rules together in a short set of Principles, agencies will find it easier to work out what they need to do if processing personal data for clients. Clients can only use processors which provide sufficient guarantees of their GDPR compliance, so agencies adhering to the Principles should be in a good position to demonstrate to clients that they meet that requirement.”
Visit our data protection hub for the full collection of the IPA’s GDPR guidance for members.