1. What is GDPR?
GDPR is the General Data Protection Regulation and replaces the current Data Protection Act 1998 (the DPA) on the 25th May 2018. This is a new EU regulation designed to ensure data privacy and enhance control over the use of personal data. The new regulation is a substantial overhaul of the data protection laws that have evolved over the past three decades, bringing it in line with the new digital world. It affords Data Subjects more rights about how their personal data can be used by organisations processing it.
It covers similar aspects as the DPA and is underpinned by 6 key principles;
1. Processed fairly, lawfully and in a transparent manner
2. Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with the original purpose
3. Adequate, relevant and limited to what is necessary in relation to the purposes
4. Accurate and kept up to date
5. Kept in a form that permits identification no longer than is necessary
6. Processed in a way that ensure appropriate security of the personal data