GDPR stands for General Data Protection Legislation. It is a European Union (EU) law that came into effect on 25th May 2018. GDPR governs the way in which we can use, process, and store personal data (information about an identifiable, living person). It applies to all organisations within the EU, as well as those supplying goods or services to the EU or monitoring EU citizens.
Therefore it is essential for businesses and organisations to understand explicitly what GDPR means. It is the legislative force established to protect the fundamental rights of data subjects whose personal information and sensitive data is stored in organisations. Data subjects will now have the right to demand subject access to their personal information, and the right to demand that an organisation destroys their personal information. These regulations will affect most sectors within business, from marketing to health services. Therefore, to avoid the crippling fines administered by the Information Commissioner's Office (ICO) it is essential to become GDPR compliant.
GDPR Key Principles:
- Lawfulness, transparency and fairness
- Only using data for the specific lawful purpose that it was obtained, the most lenient of which is legitimate interests
- Only acquiring data that we strictly need
- Ensuring any data we possess is accurate
- Storage limitation
- Integrity and confidentiality
- Accountability
The General Data Protection Regulation (GDPR) governs the way in which personal data is gathered and handled in the European Union (EU). Personal data is defined as any information relating to an identified or identifiable, living person. GDPR applies to any individual or organisation that handles personal data within the EU. Countries outside of the EU that handle personal data are known as 'Third Countries' under GDPR.