Even though the May 25, 2018, compliance deadline for the General Data Protection Regulation (GDPR) has passed, data protection compliance has not ended. Working with the GDPR, the Data Protection Act 2018 (DPA) works with the GDPR and introduces additional requirements that businesses will need to watch out for, including obtaining an appropriate policy document. This fairly new requirement should be a separate document that includes the following: The relevant condition and lawful basis for processing; existing security measures; data that is being used; who this data will be shared with; information on data subject rights; the retention period/criteria for erasure of the personal data; and how the processing activity complies with obligations relating to transparency, accuracy and data minimisation.
