GDPR Explained

What is GDPR?

GDPR – General Data Protection Regulation – is intended to improve how data is protected as well as increase the accountability for those organizations that suffer data breaches.

GDPR is the most comprehensive data privacy regulation to date and allows individuals to have better control over their own data. Because of this, it presents challenges to organizations that process personal data of any EU citizen – regardless of where that organization is headquartered. Any organization that handles or uses personal data from EU citizens is obligated to comply with GDPR, regardless of where they are based. If you don’t you could face heavy fines of up to €20 million or 4% of your global turnover.

What is ‘personal data’?

GDPR redefines personal data as ‘any information relating to an individual, whether it relates to his, or her, private professional or public life.’ This is a wider definition from previous data protection legislation and covers name, home address, photo, email address, bank details, social media posts, medical information and a computer IP address.

Any data set that can be used to identify an individual, is required to be regulated by GDPR.

GDPR and Brexit

The UK Government has already stated that it will implement the same regulation for the UK so that after Brexit there will still be a common standard to apply to data protection. For that reason, compliance remains a priority - now and in the future.