The General Data Protection Regulation (GDPR)
Sarah, 2018-03-14
Very broad overview
- The GDPR comes into effect on 25 May 2018. As an EU regulation it takes effect directly in EU states, meaning you need to comply with it. It does allow EU states to make it clear how it applies in a country, and this is what the new Data Protection Bill 2017 (DPB) seeks to achieve. Both need to be read side by side for a full understanding of what you need to do to ensure compliance.
- The GDPR applies to “data controllers” and “data processors”. The difference lies in who controls the data overall and who possesses it at any given time.
- Under the previous rules, processors were not governed too heavily. This has changed with the GDPR, and processors now have a number of additional obligations.
- The rules apply specifically to “personal data”, which is information relating to an identifiable person who can be directly or indirectly identified by reference to a specific identifier. This is a very general definition which includes names, reference numbers, location data, browser data, etc. Essentially, anything that can be used to collect information about a user.
- The overall principle of the GDPR is to promote transparency in how personal data is processed and to ensure “data protection by design” and “by default” in your business model and software architecture.
- The DPB adds additional provisions about immigration, law enforcement information sharing, national security and the operation of the ICO (the Information Commissioner’s Office, which governs and enforces data protection rules in the UK).
If you would like some tailored advice relevant to your business, then please contact us on 020 8579 1345.