Manage modern archives in the UK? Watch out! The GDPR is coming to shake up your data and you and your organisation need to be ready.
On 25 May 2018, the General Data Protection Regulation will come into force across the European Union, including the UK, where it will replace the Data Protection Act of 1998. But what about Brexit? According to the Information Commissioner’s Office, who should know, leaving the EU will not ‘affect the commencement of the GDPR’.
Anyway, what’s new about the GDPR? The key difference: much greater emphasis on the rights of individuals over their personal data: organisations will have to seek explicit consent and pro-actively keep people properly informed. Good. As blogger FOIMAN says, ‘Keeping records – and keeping them well – is central to compliance with GDPR’. Ticking boxes won’t do. It is to be hoped that this will lead to greater investment in effective record-keeping by organisations leading to fewer breaches of data privacy.
Archives will be allowed to collect and keep personal data in the ‘public interest’ but must have a ‘legal obligation’ to do so. This is a serious worry for archive services without a statutory basis e.g. in universities. The ARA are therefore calling for ‘clear language in any UK and Irish implementing legislation that ‘all archiving purposes are in the public interest’ and therefore all archives have a clear legal basis to exist and do their invaluable work’.
Find out more about this issue and the implications of GDPR for archives, staff, and their users in this excellent ARA blog post, When Worlds Collide, published on 1 June 2017.
More helpful links:
- RLUK piece reflecting on GDPR. A research library perspective.
- The ICO’s pages on the GDPR. The legal side.
- Thoughts from records managers: FOIMan.