The EU General Data Protection Regulation comes into force next May. The need to comply with it is going to have far-reaching implications for all areas of public sector operations. Not only are the fines for data breach eye wateringly high, but organisations will need to respond to a deluge of Subject Access Requests from a general public freshly alerted to their new data rights.
UKAuthority Live discussed the key issues facing the public sector around implementation of GDPR, asking 'Is identity the start and end point for GDPR?'.
On the panel:
- Dawn Monaghan, head of data sharing and privacy (NHS England), head of strategic IG (NHS Digital) and director Information Governance Alliance
- Ian Litton, now an independent consultant with Positive Attributes, led the discovery, alpha, and private beta of the Blue Badge collaboration between Warwickshire County Council, GDS and DWP - the first use of GOV.UK Verify outside of central government.
- Nick Caley, vice president, Forgerock
The Information Commissioner's Office website (https://ico.org.uk/) contains lots of useful summaries of both the current Data Protection Act and the General Data Protection Regulation (GDPR). Specific sections of the ICO website which may be useful are:
- Data Protection Act: https://ico.org.uk/for-organisations/guide-to-data-protection/
- Overview of GDPR: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
- Introduction to the Data Protection Bill: https://ico.org.uk/for-organisations/data-protection-bill/
- 12 steps to preparing for the GDPR: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
ForgeRock, supporters of the webcast, are also happy to share their latest resources:
- User Managed Access and consent: https://www.forgerock.com/platform/user-managed-access/
- Identity & GDPR: https://www.forgerock.com/identity-solutions/gdpr/