The General Data Protection Regulation (“GDPR”) is the new legal framework that will come into effect on the 25th of May 2018.
The GDPR’s focus is the protection, collection and management of personal data, (i.e. data about individuals, not companies/businesses) and it applies to all businesses who hold or otherwise process personal data (including sole traders) of people in EU Member States.
The GDPR aims to give control back to consumers/individuals over their personal data. New regulations include the “right to access” which is the right for the customer to obtain information from a business as to whether or not personal data concerning them is being processed, where it is being held and what it is being used for. Additionally, in some cases, customers will now have the “right to be forgotten”, which entitles them to erase their personal data if requested.
General Data Protection Regulation (GDPR)
These regulations required the commencement of implementation by 25 May 2018. These affect Organisations who process personal data electronically including when on PCs, Tablets, CCTV and mobile phones.
Personal data definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
Organisations include the self-employed, any commercial businesses, Limited Companies, charities and public authorities.