0 £0.00
This item was added to your basket

Dear visitor,
You are viewing 1 of your 2 free articles

We’ve made wider, important changes to our print and online content to enhance the value of exclusive, insightful, discerning content we create every day. Support valuable editorial content by becoming a member of our Credit Club - register for free or choose a paid plan.

Register now or Login

General Data Protection Regulation

Peter Wallwork, chief executive of the Credit Services Association (CSA), explains why credit firms should be preparing for the new General Data Protection Regulation (GDPR) now.

Peter   Wallwork

Share on LinkedInShare on Twitter
Peter   Wallwork
Share on LinkedInShare on Twitter
Peter Wallwork
Peter Wallwork

Although it won’t apply until 28 May 2018, credit firms should be preparing for the new General Data Protection Regulation (GDPR) now.


It is a piece of European legislation which is set to replace the UK’s current data protection legislation, the Data Protection Act 1998.


Both the ICO (the UK’s data protection supervisory authority) and Karen Bradly MP (the Secretary of State for Culture, Media and Sport) have made statements confirming that GDPR would still be relevant to the UK, despite the referendum vote to leave the European Union.


Of course, if you do business in European member states or process personal data about EU subjects, then you will need to comply with GDPR, regardless of the UK’s eventual relationship with the EU.


It will affect any organisation that processes personal data – including employee data. It will also introduce new rights for individuals concerning their access to their own data and the manner in which it is processed.


The new legislation will increase accountability for data protection and will give individuals more rights in relation to their data (including access rights).


It introduces new obligations for reporting data protection breaches and removes the option for organisations to charge a fee for subject access requests. The changes to data protection legislation are going to mean that firms will need to scrutinise their data protection practices to ensure they meet the new requirements.


There will be tough new sanctions for organisations who fail to comply with the GDPR and individuals will have increased rights to claim compensation.


Although the new legislation retains many of the core principles and aims of existing data protection legislation, it introduces a number of new requirements for firms:

  • Heavier financial penalties
  • Processor liability and relationship with controllers
  • Accountability
  • Privacy notices / fair processing notices
  • Special categories of personal data
  • Consent
  • Subject Access Requests / rights of access
  • Documenting processing activities
  • Data Protection Officers
  • Breach notification
  • Data protection by design and by default / Privacy Impact Assessments (PIAs)
  • Transfer of data
  • Right of erasure / right to be forgotten
  • Right to restrict processing
  • Right to object
  • Rights related to automated decision-making and profiling

We have published detailed guidance for our members on exactly what they can do to address each of these factors – and this is something we are encouraging them to start doing now.


We’re also developing a Code of Conduct for GDPR through the Federation of European National Collection Associations (FENCA) which will help the debt collection sector apply best practice.


Making legislative changes work for your organisation is down to constant learning and development that takes each new requirement as an opportunity to further improve practice.



Share on LinkedInShare on Twitter
Add New Comment


Credit Strategy
LinkedIn page

Did you find our website useful?

Thank you for your input

Thank you for your feedback

creditstrategy.co.uk – an online news and information service for the UK’s commercial and consumer credit industry. creditstrategy.co.uk is published by Shard Financial Media Limited, registered in England & Wales as 5481132, Axe & Bottle Court, 70 Newcomen St, London, SE1 1YT. All rights reserved. Credit Strategy is committed to diversity in the workplace.
@ Copyright Shard Media Group