What is the meaning of GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information. There are seven key principles at the core of the GDPR. These principles cover the collection, organisation, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure, or destruction of personal data.

In a nutshell, the seven principles are:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

The regulation now gives individuals power over the use of their personal data and holds organisations accountable for their data collection and usage practices.


At the very heart of GDPR is personal data.  What is considered personal data?

Personal data is any information that relates to an identified or identifiable living individual. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data.

This can be something obvious, such as a person’s name, location data, or a clear online username, or it can be something less apparent, such as an IP address or cookie identifiers (which is why you now need to accept cookies on most websites).

Under GDPR there are also a few special categories of sensitive personal data that are given greater protections. This personal data includes information about racial or ethnic origin, political opinions, religious beliefs, membership of trade unions, genetic and biometric data, health information and data around a person’s sex life or orientation.

The crucial thing about what constitutes personal data is that it allows a person to be identified.


What are the GDPR rights for individuals?

Individuals have the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and also rights around automated decision making and profiling.


When it comes to my business, how do I know if GDPR applies to me?

For small businesses, the Information Commissioner’s Office (ICO) has an online assessment you can complete. See links below:


Additional Resources

Martine Robins from The HR Department has written a blog highlighting where SMEs are most at risk.  It links in nicely to my Data Security blog too, in case you missed that a couple of weeks ago.

Louise Hall from 2020 Business Law is also on hand if you are concerned about your Privacy Policy or the Disclaimer on your website.


If you have any questions regarding the above, then please don’t hesitate to get in touch at tracy.hampton@hbsvcs.co.uk or 07785798324.