What is GDPR?
The European General Data Protection Regulation (GDPR) comes into force on the 25th May 2018.
It is the most significant overhaul of data protection legislation that Europe has seen in over twenty years.
The regulation replaces the existing data protection framework, under the EU Data Protection Directive, and introduces substantial changes to data protection law.
Data protection law requires an organisation to process personal data appropriately for as long as it holds that data, or face significant consequences.
GDPR applies to every organisation throughout the world that processes the personal data of individuals in the EU, as well as every organisation established in the EU that processes the personal data of any individuals.
GDPR strengthens the rights of EU citizens to data privacy, and central to this are the three principles of:
Data Protection Principles
The principles form the fundamental conditions which organisations must follow when collecting, processing and managing the personal data of all European citizens.
There are now seven principles which are set out below.
1. Transparency – Data processing should be lawful, fair and done in a transparent manner.
2. Purpose Limitation – The collection of data should only be for a specified, explicit and legitimate purpose. Processing should not be incompatible with that specific purpose.
3. Data Minimisation – Processing of data should be limited to only what is necessary to achieve the purpose.
4. Accuracy – Inaccurate or incorrect personal data should be corrected or deleted as soon as possible.
5. Storage Limitation – Data should only be held in a form that allows identification of the individual for as short a time as possible. Following this time it should then be anonymised or erased.
6. Integrity and Confidentiality – The security and integrity of the data should be protected via both technological and organisational structures.
7. Accountability – The Data Controller must be able to actively demonstrate compliance with the Regulation.
The Practical Approach to GDPR
We all know that the EU General Data Protection Regulation (GDPR) will bring a massive change in the way businesses operate and handle personal data.
Here are some approaches you can take to help you with GDPR.
1. Document your current processing activities.
2. Identify gaps in compliance.
3. Prioritise high risk gaps.
4. Address these risks as quickly as
5. Document everything.
And then go around again.