General Data Protection Regulation (GDPR)
The GDPR is a new regulation coming into place on the 25th May 2018, this applies to those who deal with a day to day responsibility with data protection. This is being regulated by the information commissioner’s office and has some similarities to the current data protection act (DPA).
Who does the GDPR apply to?
The GDPR applies to the controllers and processors. Controllers have the reasons behind the personal data being processed and processors are those who acts upon the data for the controller’s behalf.
What information does the GDPR apply to?
ALL information in which was in the scope of the data protection act will be included in the GDPR, for example HR records, customer lists, contact details etc.
GDPR has a more detailed explanation of personal data than DPA and includes numerous new types of personal data such as IP addresses. The GDPR also includes automated personal data and manual filing systems in which could be accessible to a specific criterion.
Data that has been pseudonymised or key coded is now included in the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Key principles and requirements for personal data