The European Union (EU) General Data Protection Regulation (GDPR) is both complex and far-reaching. A significant obligation placed on organisations is that of ‘Accountability’. Organisations that cannot demonstrate and evidence that they are processing data and information in a way that is fair, lawful and transparent according to the data protection legislation face a significant risk of potentially high financial penalties and reputational damage.
What is the General Data Protection Regulation (GDPR)?
The GDPR governs how organisations collect, store and process personal data. It is designed to give greater transparency and protection to data subjects whenever their data is processed.
This regulation is essentially an upgrade to the previous UK Data Protection Act 1998 (DPA).
The UK has replaced the 1998 Act with the Data Protection Act 2018, which implements the GDPR into UK law and deals with areas of processing not covered under the EU Regulations.
What is Personal Data?
Personal data includes obvious information such as names, addresses, email addresses and so on, but also extends to information such as online identifiers, photographs and location data to reflect changes in technology. The definition covers any information that can identify an individual, directly or indirectly.
The GDPR sets out 6 principles that organisations have to meet in order to process personal data lawfully, as follows:
Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Adequate, relevant and limited to what is necessary
Accurate and, where necessary, kept up to date
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
Processed using appropriate technical or organisational measures
One Compliance GDPR Consultancy Services
One Compliance offers a wide range of services to support your organisation in maintaining compliance with Data Protection Legislation. We always tailor our services to meet the needs of our clients.
We specialise in information security and compliance consultancy and have over 20 years of experience within these areas. Our consultants can support you with any part of your GDPR journey.