#DM18: Understanding the GDPR
Delegate meeting session on the GDPR - © NUJ
19 April 2018
Tamsin Allen from law firm Bindmans LLP presented a session this afternoon at the NUJ delegate meeting in Southport about the forthcoming general data protection regulations, with a particular focus on the implications for journalists and the NUJ.
As well as explaining the specific and essential aspects of the General Data Protection Regulation (GDPR) (Regulation (EU), she set out the bigger picture, alluding to the wide range of social, political, and legal questions for society posed by the collection and usage of big data.
Allen highlighted issues such as the Cambridge Analytica scandal, the use of facial recognition technology, the exploitation of people's personal information by multinational companies to make a profit and the potential of big data to undermine the presumption of innocence. She stressed that none of these big data issues would be tackled by the general data protection regulations. Nevertheless, she maintained these were issues that should be debated by journalists and society.
The general data protection regulations provided an opportunity for journalists and media workers to "audit your systems", said Allen – the regulations come into force on 25 May 2018.
Key issues highlighted in the presentation included:
- The definition of "personal data" is any data by which a living individual can be identified and it covers indirect identifications such as a number, location data or IP address.
- The definition of a data "processor/controller" remains the same as the definition in the previous data protection regime.
- The new GDPR applies to all digital data and can also apply to well-structured manual files.
- The journalism exemption remains in place and covers a wide range of people. It refers to having a view to publication and the public interest.
- The journalism exemption also relates to journalistic purposes rather than defining who is a journalist.
- There must be a lawful basis for processing information, and there are wide-ranging grounds that include both consent and legitimate interests (of the data controller).
- Consent is often the safest legal basis to rely on.
- There are stricter regulations relating to children and to special categories such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data relating to health, sex life or sexual orientation, genetic data, and biometric data when it uniquely identifies a person.
Access the latest NUJ parliamentary briefing submitted to the parliamentary bill committee about the draft data protection legislation.
NUJ freelance guidance on the GDPR (NUJ members-only access).
Resources from the ICO including checklists and information on the GDPR.