GDPR can be a mind-boggling topic, and to be frank, a little tedious at times! This is why we wanted to bring you a quick, informative blog about ‘What is GDPR’ (the new Data Protection Act 2018), including everything you need to know to ensure your business is compliant.
What does GDPR stand for?
GDPR stands for General Data Protection Regulation, and it was introduced on the 25th May 2018 as a replacement for the old Data Protection Act (1998). In essence, GDPR is the Data Protection Act 2018. It was designed to modernise the laws surrounding the protection of personal data, taking into account newer technological changes such as cookies.
The introduction of the GDPR was also meant to ‘harmonise’ data privacy laws across Europe, as well as giving greater protection and rights to individuals.
Who does the GDPR apply to?
In short, everyone, regardless of whether you carry out business inside or outside of the EU. Most businesses need to comply with the GDPR, as the majority store or collect some data belonging to individuals. No matter the size of your business, the ICO (the governing body) clearly states that if you process personal data, you must comply with the GDPR.
How do I process data under the GDPR?
The 7 principles of GDPR outline the steps you need to take to ensure your business is GDPR compliant. The key thing to remember is that personal data should be processed lawfully, transparently, and for a specific purpose. Any request from an individual to amend or remove the personal data you hold on them has to be acted on immediately.
What happens if a business breaches the GDPR?
A breach of GDPR is defined as a breach of security leading to the unlawful loss, destruction or disclosure of, or unauthorised access to, personal data.
Organisations are not required to report every breach, only those which lead to a violation of people’s rights. However, with this in mind, every organisation is still required to be GDPR compliant, and therefore to take the necessary steps to prevent a breach from occurring.
What counts as personal data?
Personal identifiable data (PID) is any type of information that can be related to an identifiable individual. This can be something as simple as a phone number or name, or another identifying factor such as an IP address. If you can identify an individual directly from the information you hold on them, it is classed as personal data.
What about Brexit?
With the ever-looming Brexit, questions are often raised about how the GDPR will affect UK businesses after we leave the EU. Article 50 was triggered by the UK Government back in 2017, and the GDPR was implemented after the Brexit vote, meaning the UK must still comply.
In addition to the GDPR, a new Data Protection Act 2018 was introduced on the 23rd May 2018. This act not only replicates the GDPR but also includes a few additional regulations not covered by the EU law.