GDPR
GDPR stands for General Data Protection Regulation. In simple terms, it affects internet users based in the EU/EEA by granting them specific rights and control over when and how their personal data is processed. The GDPR regulations are uniform across all 28 countries in the EU. Data subjects protected by the GDPR have the right to access what information is collected about them, who it’s shared with, and how it’s used. The regulation covers the protection of the following data:
· Personal data that relates to an identified or identifiable individual such as a name, address and/or ID numbers.
· Web data such as location, IP address, cookie data, and RFID (radio frequency identification) tags.
· Special Category Information such as health and genetic data, political opinions, biometric data, racial or ethnic data and sexual orientation.
There are a number of key rules that organisations must follow to ensure that they are in line with the data protection act:
· Obtain and process the information fairly
· Keep it only for one or more specified and lawful purposes
· Use and disclose it only in ways compatible with those purposes
· Keep the information you have about people safe and secure
· Keep it accurate, complete and up to date
· Ensure it is adequate, relevant and not excessive
· You should not keep information for longer than is necessary
Failure to comply with GDPR may result in penalties under the EU regulation. A maximum fine under the EU GDPR is €20 million or 4% of the business's total annual worldwide turnover.


