The EU General Data Protection Regulation (GDPR) comes into force on Friday 25 May 2018. It has taken four years to develop and is the most important change in data privacy legislation in two decades.
GDPR is an EU-wide regulation that will replace the current data protection laws in the UK. It has been designed to provide greater protection for personal data in today’s digital world.
Brexit will not affect the commencement of the GDPR. The UK Government has made it clear that GDPR will become part of UK law from Friday 25 May, as it also applies to organisations who interact with citizens of other EU countries.
The NAS, as a data processor, will comply with its GDPR obligations when they take effect and will work to ensure privacy and responsible use of data for all our stakeholders.
The NAS is committed to adhering to all GDPR procedures. We have clear policies and processes in place to ensure we comply, and we will exercise responsibly our duties as a data controller and data processor.
Complying with all reasonable requests from individuals to find out about the information we hold on them
Providing evidence for audits
The NAS is reviewing all consent forms across the organisation and amending these documents to show how and when consent should be obtained. This will ensure consent from individuals is affirmative, freely given, specific, informed and unambiguous.
The option to opt out of marketing communications will always be available and included in communications with an individual outside the NAS.
The NAS believes that privacy is a very important right for citizens and wishes to assure all the company’s members, customers and suppliers that we are working hard to ensure compliance in all areas of the business.
NAS ARE UNABLE TO GIVE ADVICE OR GUIDANCE TO MEMBERS ON GDPR. WE WOULD ADVISE MEMBERS TO SEEK THEIR OWN INDEPENDENT ADVICE ON THE MATTER.