Definition: GDPR

GDPR stands for General Data Protection Legislation. It is a European Union (EU) law that came into effect on 25th May 2018. GDPR governs the way in which we can use, process, and store personal data (information about an identifiable, living person). It applies to all organisations within the EU, as well as those supplying goods or services to the EU or monitoring EU citizens. Therefore it is essential for businesses and organisations to understand explicitly what GDPR means. It is the legislative force established to protect the fundamental rights of data subjects whose personal information and sensitive data is stored in organisations. Data subjects will now have the right to demand subject access to their personal information, and the right to demand that an organisation destroys their personal information. These regulations will affect most sectors within business, from marketing to health services. Therefore, to avoid the crippling fines administered by the Information Commissioner’s Office (ICO) it is essential to become GDPR compliant.

GDPR Key Principles:

  • Lawfulness, transparency and fairness
  • Only using data for the specific lawful purpose that it was obtained, the most lenient of which is legitimate interests
  • Only acquiring data that we strictly need
  • Ensuring any data we possess is accurate
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Why Is GDPR Important?

Primarily GDPR is important since it provides a single set of rules for all EU organisations s to adhere to, thus giving businesses a level playing field and making the transfer of data between EU countries quicker and more transparent. It also empowers EU citizens by giving them more control over the ways in which their personal data is used. Prior to introducing the new GDPR legislations, the European commission found that a mere 15% of citizens felt that they had complete control over the information that they provided online. With such low trust amongst the general public it is clear that consumer habits will ultimately be affected. Measures to rebuild this confidence, through introduction and proper implementation of GDPR, are expected to increase trade. Thorough implementation of data protection policies and staff education are important as non-compliance could result in a data breach. The Information Commissioner’s Office (ICO) can issue fines of up to 4% of your annual turnover or €20 million, whichever is greater, in the event of a serious data breach. Data protection training is a necessity in mitigating the risk of data breaches.

Source and more details:

Full legal text of GDPR:

Posted in Definition.