General Data Protection Register (GDPR) - In a nutshell

When processing direct debit transactions we need to comply with the UK Data Protection Act 1998. Looming on the horizon is the General Data Protection (GDPR) legislation which becomes applicable in the UK from the 25th May 2018. What impact could it have on your business processes?

  • Consent must be a positive opt in and it must be easy to withdraw consent.The majority of our micro direct debit sign up sites contain contact preferences, in some cases these are not a positive opt in and they must be modified before May 2018
  • Companies must have clear data retention periods. We have recently modified our data protection policy and implemented auto-cleansing services to ensure we adhere to our policy
  • You must have an appointed data protection office,
  • Clearly documented processes are required to deal with data breaches
  • You must know where you obtained any personal data held and who it is shared with.
  • Customers have a right of access to their data, free of charge and you must comply within 1 month
  • Personal data relating to persons under 18 has new strict governance rules.

This site uses JavaScript to enhance operation. There may be cases in which content does not operate normally or pages cannot be displayed if JavaScript has been disabled. Please be sure to activate JavaScript when using this site.