What is GDPR?
GDPR stands for General Data Protection Regulation and, according to gdpr.eu, is the toughest privacy and security law in the world.
In a world where we share our data not only with our bank or doctor but with our favourite brands and even the local coffee shop, GDPR exists to make businesses keep personal data as safe as possible, particularly now that data breaches are a regular occurrence.
Who does GDPR apply to?
If you process personal data of EU citizens or offer goods or services to EU citizens then GDPR applies to you.
What does it mean?
If GDPR applies to you, then gdpr.eu summarises the key data protection principles you must follow:
- Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
- Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
- Data minimisation — You should collect and process only as much data as absolutely necessary for the purposes specified.
- Accuracy — You must keep personal data accurate and up to date.
- Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
- Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
- Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
What impact does it have on my business?
There are several factors that influence how it affects your business, but we’ve summarised some of the main impacts below:
- Whether your business falls into a category that requires you to appoint a DPO (Data Protection Officer), typically if you’re a public authority or a large business whose activities require you to regularly monitor people or process their data.
- How you collect data, including marketing opt-ins: gone are the days of automatically opting customers in to receiving marketing.
- If you handle personal data, you need to make sure you’re putting the right technology and training in place in your business, for example two-factor authentication and end-to-end encryption.