The recent introduction of the Data Use and Access Act has impacted on certain areas of day-to-day data protection practice.
The Act now enshrines various practices which were generally already followed by most organisations and understood to be ‘best practice’. For example, data controllers must conduct a reasonable and proportionate search when responding to a request to access data by an individual. The Act also confirms that time for processing a request is paused when seeking information reasonably required in order to respond.
One significant change, which will be relevant for our clients, is the requirement to have a complaints process in place for those who consider their data rights to have been infringed. Further, any complaints need to be acknowledged by the data controller within 30 days.
For those churches or charities who have previously purchased the ECS GDPR Pack, this includes a complaints process within the Data Protection Policy appendices. We have updated the wording of the complaints process in light of the new Act. Churches and charities may also need to review the wording of their Privacy Notices to ensure that these reflect the requirements of the Act, particularly concerning a complaints process.
We have made amendments to the GDPR Pack to ensure compliance with the Data Use and Access Act. To purchase the updated version of the GDPR Pack, please follow the link here: GDPR Pack – Edward Connor Solicitors
