A GDPR summary guide to outline changes to data protection rules
Set for enforcement in May 2018, the General Data Protection Regulation (GDPR) is one of the most wide-ranging pieces of legislation passed by the EU in recent memory. It is being introduced to standardise data protection law across the single market and give people, in a growing digital economy, greater control over how their personal information is used.
All organisations that process personal data and operate within, or sell goods to, the EU are impacted by the GDPR. The definition of processing is designed to cover practically every type of data usage and includes collection, storage, retrieval, alteration and destruction.
The GDPR applies to both data ‘controllers’ and ‘processors’. Data controllers determine the purpose and manner in which data is processed. A data processor is any third party that undertakes data processing on behalf of a controller.
How does Brexit affect the GDPR in the UK?
In the UK, the GDPR will be enforced from 25th May 2018 and apply up until Britain’s withdrawal from the EU, at which point the government’s proposed Data Protection Bill will come into effect.
GDPR summary – the DPA
The Data Protection Bill, designed to ensure that the UK retains its position as a ‘world-class regime protecting personal data’, will continue to enforce GDPR standards post-Brexit.
Article 4 of the GDPR defines personal data as ‘any information relating to an identified or identifiable natural person’. For most organisations, this means implementing appropriate measures to protect information relating to employees, customers and partners.
The GDPR expands the definition of personal data beyond the current Data Protection Act (1998) to also include information that could be used to indirectly identify individuals, such as ID numbers, location data and online identifiers including IP addresses and web cookies. Other examples of personal data include: