What is GDPR?


On 25th May 2018, the Information Commissioner's Office (ICO) will enforce the General Data Protection Regulation. This applies to any business that processes data of EU citizens. It replaces the previous 1995 data protection directive upon which UK law is based.

The General Data Protection Regulation appears to be concerned with two main areas: giving people more control over their personal data, and providing a unified regulation across the European Union (EU). The Government has confirmed that the UK's decision to leave the European Union will not alter this. The full regulation is 88 pages long and has 99 articles. It can be accessed here.

From my understanding, this Regulation is designed to give more protection and rights to the individual with regard to the personal data businesses hold. The data a business or organisation may collect falls into two types covered by GDPR: 'Personal' and 'Sensitive'. 'Personal' data is concerned with information which identifies an individual. It includes name, date of birth/age, personal address, IP address etc. 'Sensitive' personal data includes information such as health, sex life, genetic information, religious and political viewpoint and so on. There have been several reports in the media about instances of data breaches by big businesses over the past year, so the GDPR also requires that the "alteration, destruction, loss, unauthorised disclosure, or access" to people's data has to be reported to the country's data protection regulator, and in the UK, to the ICO, where there may be a detrimental impact on the individual the data concerns.

Under the General Data Protection Regulation, individuals are to be given more control over their personal data and how it's used. The business or organisation holding the data needs to be transparent and able to justify that data is collected and recorded for a legitimate reason. Businesses have to make it easy and free for individuals to ask them to disclose what personal data is held, and individuals can also ask for their data to be erased or forgotten from business systems. The Government's "New Data Protection Bill: Our Planned Reforms" can be accessed via the Government's web page here.

I hope this brief summary of the GDPR has been helpful and helps my clients feel reassured.

AcheAngel® is committed to keeping clients' personal details confidential, private and secure and is complying with the General Data Protection Regulation (GDPR) and Data Protection (2018), once enacted.

More details can be found on the 'More About AcheAngel' web page.

This article and all other information referred to on this website is intended for guidance only. It is not all-encompassing, nor does it constitute legal advice.
