What is the meaning of GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information. There are seven key principles at the core of the GDPR. These principles cover the collection, organisation, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure, or destruction of personal data.
In a nutshell, the seven principles are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
The regulation now gives individuals power over the use of their personal data and holds organisations accountable for their data collection and usage practices.
At the very heart of GDPR is personal data. What is considered personal data?
Personal data is any information that relates to an identified or identifiable living individual. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data.
This can be something obvious, such as a person’s name, location data, or a clear online username, or it can be something less apparent, such as an IP address or cookie identifiers (which is why you now need to accept cookies on most websites).
Under GDPR there are also a few special categories of sensitive personal data that are given greater protections. This personal data includes information about racial or ethnic origin, political opinions, religious beliefs, membership of trade unions, genetic and biometric data, health information and data around a person’s sex life or orientation.
The crucial thing about what constitutes personal data is that it allows a person to be identified.
What are the GDPR rights for individuals?
Individuals have the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and also rights around automated decision making and profiling.
When it comes to my business, how do I know if GDPR applies to me?
For small businesses, the Information Commissioner’s Office (ICO) has an online assessment you can complete. See the links below:
- How well do you comply with data protection law
If you CLICK FOR MORE INFORMATION under each of the questions, it will highlight areas you perhaps hadn’t thought about.
- Does data protection law apply to my business?
- Registration self-assessment. Still unsure? Take a quick test.
If you have any questions regarding the above, then please don’t hesitate to get in touch at firstname.lastname@example.org or 07785798324.