The GDPR - ensuring a high level of data protection across the UK and Europe
The General Data Protection Regulation (GDPR) is one of the most wide-ranging pieces of legislation passed by the EU in recent memory. It was introduced to standardise data protection law across the single market and give people in a growing digital economy greater control over how their personal information is used.
Who does the GDPR apply to?
All organisations that process personal data and operate within, or sell goods to the EU are impacted by the GDPR. The definition of processing is designed to cover practically every type of data usage and includes collection, storage, retrieval, alteration, storage and destruction.
The GDPR applies to both data ‘controllers’ and ‘processors’. Data controllers determine the purpose and manner in which data is processed. Data processors are any third-party undertaking data processing on behalf of a controller.
How does Brexit affect the GDPR in the UK?
In the UK, the requirements of the GDPR are implemented and ratified by the Data Protection Act 2018.
Under the UK’s Brexit Withdrawal Agreement Bill, a transition period will run until December 31, 2020, during which time the GDPR and DPA will continue to apply side-by-side. During this transition phase, the UK and EU will attempt to negotiate a new data privacy arrangement, but the UK government has stated that the majority of GDPR and DPA provisions are likely to remain in place.
What is personal data?
Article 4 of the GDPR defines personal data as ‘any information relating to an identified or identifiable natural person’. For most organisations, this means implementing appropriate measures to protect information relating to employees, customers and partners. The GDPR expands the definition of personal data to include all information that could be used to indirectly identify individuals. Other examples of personal data include:
- ID numbers
- IP addresses and cookie IDs
- HR records
- Customer contact details
- Health records
- CVs and employment details
- CCTV and call recordings
Need advice or help from our friendly team?Get in touch
GDPR v DPA
How does the GDPR differ from the Data Protection Act (DPA) 1998?
Data Protection Officers
Right to be forgotten
Privacy by design
Article 5 Principles
Personal data shall be...
Protecting personal data
The importance of ensuring the security of personal data
In order to ensure ongoing data security, principle six of the GDPR states that personal data should be processed in an appropriate manner.
Protecting personal data against unauthorised processing, accidental loss and destruction forms an integral part of measures all organisations should take.Read our GDPR compliance guide
Tailored solutions for GDPR compliance
By helping you to understand and address gaps in your organisation’s cyber security as well as proactively detect and respond to threats when they occur, Redscan’s managed security and assessment services support swift, hassle-free GDPR compliance.
Managed Detection and Response
Award-winning support to rapidly detect and respond to the latest threats 24/7Read more
Specialist engagements to uncover and address hidden cyber security risksRead more
Managed Security Services
Expert help to manage and monitor your choice of security technologiesRead more
Get in touch
Complete the form for a prompt response from our team.