Where do I start with GDPR?
February 8, 2018
January 8, 2018

Five things you need to know about the General Data Protection Regulation (GDPR)

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation that is in force from 25th May 2018. GDPR recognises that times have moved on since the Data Protection Act 1998. We live in a digital age where more and more data is processed in less and less transparent ways, resulting in greater intrusion into our private lives.

GDPR is designed to give individuals greater rights to control their own data and how it is used. The regulation puts the emphasis on organisations proving that they are doing no harm by processing personal data. It requires organisations to be more accountable for their data processing activities: they must not only comply but also demonstrate how they are doing so.

GDPR is not just about customer or client data – employees’ personal data and details of suppliers and other contacts are also covered.

Who does GDPR apply to?

The General Data Protection Regulation applies to those operating in the EU (including the UK) or selling products or services to EU citizens. It applies to all organisations, from sole traders, microbusinesses and other small enterprises to large multinationals. If you collect, record, store, use or disclose data for your own purposes or those of another organisation, GDPR applies to you. There are some exemptions for small businesses on what records they must keep, but these are unclear and untested, and they do not mean small businesses can ignore GDPR.

GDPR was transposed into UK law in 2017, ensuring that the regulation will remain part of UK law post Brexit. The new Data Protection Act 2018 will go live soon.

Recognising individual rights

First of all, the General Data Protection Regulation recognises the absolute rights of a person to own and have control over data that is about them. GDPR identifies eight key rights, giving individuals, for example, the right to ask for copies of the information you hold about them and the right to require you to delete it or transfer it to another company. In order to respect these rights, organisations need to think of data processing as being allowed to “borrow” that person’s data to do something positive for them.

‘Personal data’ means any information from which a living person can be identified. That is a very wide definition that includes everything from a name, work or personal email address and phone number to a computer’s IP address and even photos and images.

The six principles of GDPR

  1. Each person’s data must be processed in a lawful, fair and transparent manner. This means that an organisation must have a clear basis for using the person’s data and clearly communicate what they’re doing with it.
  2. The person’s data must only be used for the purposes that the organisation declares - and nothing else. If an organisation wants to use it for a new purpose, it needs to check with the person.
  3. Organisations must minimise the amount of personal data they hold and use, only keeping what is absolutely essential for meeting the purpose. Any additional data is considered unnecessary and must not be kept ‘in case it comes in handy or we work out something new we can do with it’.
  4. Data must be accurate and up to date. Sometimes, the easiest way to ensure this is to help people keep their own information up to date.
  5. Organisations should only keep personal data for the time needed to perform the task they’re doing (the “purpose” in 2 above). It’s ok to keep certain information for several years if you can justify it is necessary to meet legal obligations.
  6. Personal data must be kept securely. An organisation needs to have technical and organisational safeguards in place to ensure that personal information remains confidential, is available when needed, and is kept up to date and correct.

How do I comply?

All organisations need to take steps to not only comply with the General Data Protection Regulation but demonstrate that they are doing so.

Astrid is an online platform designed to help small and medium-sized businesses (SMEs) protect the personal data they hold and meet the requirements of GDPR. Developed with small businesses in mind, our secure online platform shows you what you need to do and gives you the tools and information you need, all broken down into practical, manageable steps. Find out more about our services.

Read our blog ‘where do I start with GDPR’ to find out the priorities in your journey to GDPR compliance.

Nicki Chennells
