This comes into effect on 25th May 2018 and is not affected by BRITEXIT. It follows from the earlier Data Protection Act legislation 2003 and extends the rights of individuals in respect of data being held about them.
If you are not aware of these rights and the implications for your systems you need to get up to speed quickly. A likely big threat to your organisations compliance is the ability to change any of your legacy systems to make them conform. You will also need to secure an implementation budget and let your senior management know what you intend to do and over what timescale.
A legacy system is usually defined as system that is still in operation but is based on obsolete or near obsolete technologies including operating systems, databases and application software. It is often difficult and unattractive to maintain and risky to modify.
You may have fragile legacy systems and a policy of not changing them. You may have more robust legacy systems but perhaps there is no one left who properly understands their full design or implementation. The “leave them untouched” defence will not stand scrutiny with regard to the legislation which gives an extended set of rights to you current or previous customers as individuals.
You may have also recently seen recent headlines around the theme of “Legacy systems become barriers to fighting financial crime” There are ways of achieving data access to legacy systems with far less risk than trying to modify these old systems. There are new products using up-to-date web browser technology and data-mapping into new databases which can enable a modern reliable access.
By Mike Newman
You may also like to take part in a short survey, which is part of a wider research project on the impact of regulations for legacy system users.
If you are interested in receiving a copy of our legacy systems checklist Click here to request a copy.