Last Updated: 19th March 2018
MyRidingClub are working towards full adherence to the new GDPR (General Data Protection Regulation) which comes into force on 25th May 2018.
GDPR will replace the current Data Protection Act (DPA) governing the processing of personal data. MyRidingClub is working hard to ensure that it is fully prepared for these changes when they come into effect and will be documenting the progress along the way through our GDPR statement.
A lot of the concepts and principles will remain the same as those stated in the Data Protection Act, but with more emphasis on accountability and on how businesses demonstrate compliance. GDPR still applies to ‘personal data’, but there is a lot more detail included. This detail makes it clear that personal data can be something that indicates location, such as an IP address.
Unlike the DPA, the GDPR applies to both controllers and processors of data. The definitions mostly remain the same with the controller saying how and why data is used and the processor acting on behalf of the controller.
At times MyRidingClub act as both the controller and the processor. Where we are the controller we will document who is the processor and where we are the processor we will document who is the controller.
In order to achieve full compliance we have:
- A programme of data audits underway to ensure we fully adhere to the new regulation.
- Started to document fully how and why personal and sensitive data is used in the company.
- Started a review of software requirements and are working on amendments where necessary to ensure compliance.