The General Data Protection Regulation (GDPR) is the European Union’s new legislation to protect the personal data of EU citizens. It will come into force on 25 May 2018.
The Data Protection Act (DPA) was written over 20 years ago and has clearly become out of date considering recent technological advances.
The GDPR has been written to keep pace with the modern technological landscape and is more extensive in scope than the DPA. It extends the data rights of individuals and requires organisations that hold personal data to develop policies to protect all personal data held.
Businesses that hold personal data must:
• Be transparent in their use of such data
• Only use the data for the purpose for which it was acquired
• Hold the minimum level of data required to fulfill the objective
• Destroy the data once the purpose for which it was acquired has been fulfilled
Non-compliance can result in serious fines of up to 4% of turnover.