Steps towards compliance
Fundamental changes to the data protection compliance regime have been introduced with the new Isle of Man data protection law. All organisations will need to take steps to familiarise themselves with the new law, including the principles, the requirement for accountability and the ability to demonstrate how they are complying with the law. In addition, there are enhanced and new rights for individuals, including the right to be provided with comprehensive and clear information about the processing of their personal data.
To be in a position to comply with the obligations, controllers should take steps towards achieving compliance including:
- Understanding the new era of compliance
- Understanding and mapping how personal data is obtained and used within the organisation
- Planning any improvements in practice
Organisations must be in a position to explain to individuals exactly why their personal data is needed, the lawful reason for processing it and, if necessary, why it must continue to be processed. They should start, and continue, to review and analyse:
- The personal data being processed;
  - For example, ask what actually happens across the business by consulting senior management and front-line staff about how personal data is obtained and used.
- All documentation, fair processing information, website information, policies and procedures, staff awareness etc. that relate to compliance with the existing data protection legislation;
- The current governance and security arrangements;
- The retention of personal data (including archives);
- How the business manages individuals' exercise of their rights, such as subject access requests, withdrawal of consent and opt-outs from marketing.