GDPR

General Data Protection Regulation (GDPR)
                             
Background
 
The GDPR is a new regulation coming into place on the 25th May 2018, this applies to those who deal with a day to day responsibility with data protection. This is being regulated by the information commissioner’s office and has some similarities to the current data protection act (DPA).
 
Who does the GDPR apply to?
 
The GDPR applies to the controllers and processors. Controllers have the reasons behind the personal data being processed and processors are those who acts upon the data for the controller’s behalf.
 
What information does the GDPR apply to?
 
ALL information in which was in the scope of the data protection act will be included in the GDPR, for example HR records, customer lists, contact details etc.
 
GDPR has a more detailed explanation of personal data than DPA and includes numerous new types of personal data such as IP addresses. The GDPR also includes automated personal data and manual filing systems in which could be accessible to a specific criterion.
 
Data that has been pseudonymised or key coded is now included in the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
 
Key principles and requirements for personal data
 

• Consent of the data subject must be had before the start of processing

• Processed lawfully, fairly and in a transparent manner
• Collected for a specified, explicit and legitimate purpose
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
• Accurate and up to date
• Kept in a from in which requires identification of data subjects and to be stored no longer than necessary
• Processed in a manner than ensures appropriate security of the personal data therefore reducing the possibility of damage or a reduction in integrity