On 25th May 2018, GDPR (The General Data Protection Regulation) will come into effect. This regulation is the EU’s new data protection law, replacing the Data Protection Directive. (Brexit will not affect the Directive coming into effect.) It is applicable to organisations of all sizes and industries.
Specifically, it applies to:
- Processing of anyone’s personal data, if the processing is done in the context of the activities of an organisation established in the EU (regardless of where the processing takes place)
- Processing of personal data of individuals who reside in the EU by an organisation established outside the EU, where that processing relates to the offering of goods or services to those individuals or to the monitoring of their behaviour.
The GDPR imposes a wide range of requirements on organisations that collect or process personal data. There are six key principles:
- Transparency, fairness and lawfulness in the handling and use of personal data. You will need to be clear with individuals about how you are using personal data and will need a lawful basis to process that data.
- Limiting the processing of personal data to specified, explicit and legitimate purposes. You will not be able to re-use or disclose personal data for purposes that are not “compatible” with the purpose for which the data was originally collected.
- Minimizing the collection and storage of personal data to that which is adequate and relevant for the intended purpose.
- Ensuring the accuracy of personal data and enabling it to be erased or rectified. You will need to take steps to ensure that the personal data you hold is accurate and can be corrected if errors occur.
- Limiting the storage of personal data. You will need to ensure that you retain personal data only for as long as necessary to achieve the purposes for which the data was collected.
- Ensuring security, integrity and confidentiality of personal data. Your organisation must take steps to keep personal data secure through technical and organisational security measures.