What is GDPR?
GDPR stands for General Data Protection Regulation.
It is a regulation that superseded the UK Data Protection Act 1998 and requires organisations to protect the personal data and privacy of EU citizens. Organisations outside the EU (and, post-Brexit, the UK) will still need to be compliant if they process the data of individuals who reside in the EU or the UK.
The ICO has published an in-depth Guide to the General Data Protection Regulation.
Far more individuals now use the internet (and the cloud) for a wide range of services. These services are provided by organisations with unrestricted access to individuals' personal data, which they can use, abuse or sell on to third parties.
So GDPR is being enforced to minimise the collection of personal data, delete personal data that is no longer required, restrict/control access, and secure the data through its entire lifecycle.
When is the deadline?
Issued by the EU in April 2016, the regulation requires organisations to comply by 25th May 2018.
Is it too late?
If you have only just started looking into GDPR compliance, it is unlikely that you will be 100% compliant by 25 May 2018. Don't panic: prioritise tackling the areas where a lack of action would leave your business exposed.
Is my organisation affected?
If your organisation stores or processes any of the following categories of data, it will need to comply with GDPR.
Personal Data: Name, Address, Email address, Photo, IP address, Location data, Online behaviour (web cookies), Profiling and Analytics data;
Sensitive Personal Data: Race, Religion, Political opinions, Trade union membership, Sexual orientation, Health information, Biometric data, and Genetic data.