An introduction to GDPRAre you ready for the new regulations?
Changes to the data protection directive
Many of the old data regulations are still relevant and have been retained in the new GDPR. However, with being such an integral part of the way we run our lives and our businesses, the GDPR is making important improvements, particularly around the issue of consent.
Data collectors are now required to explain whyis being stored and what it will be used for. Terms and conditions must be written in clear and plain language so that there can be no ambiguity over the consent given, and must be easily accessible to the owner (now referred to as the Data ).
What is the territorial scope for GDPR?
Previously, the rules around territories and data protection were unclear. GDPR goes a long way to streamlining this, while also increasing the scope of its coverage. So if your company processes personalin any of the EU states, the new laws apply to you, regardless of your location.
This also means that the actual processing of thatcould be taking place anywhere in the world and would still be bound by GDPR.
Here in the United Kingdom, GDPR supersedes the rules of the Data Protection Act 1998.
Personal Data and GDPR
Among the many complicated terms contained in the GDPR, ‘ ‘ relates to any piece of information that would allow you to identify a particular individual. This can include things as simple as a person’s name or even their home address. It can also cover things like photographs, email addresses, bank details. The other interesting point is social media posts and information and statements that young people make online, bring us to the Right to Erasure element of the GDPR.
GDPR has taken stock of the original ‘right to be forgotten’ and given it a complete overhaul. Article 17 of the regulation says that:
“Thesubject has the right to request erasure of personal related to them on any one of a number of grounds including non-compliance with article 6.1 (lawfulness) that includes a case (f) where the legitimate interests of the controller is overridden by the interests or basic rights and freedoms of the subject which demand of personal .”
Who is exempt?
Interestingly, the new GDPR does not include instructions on the processing of personalfor national security purposes, or those involved with law enforcement, as these organisations operate outside of the EU and UK laws.
Having said that, the GDPR does include an unconnected Data Protection Directive for the police and criminal justice sectors that provides vigorous rules on personalexchanges at national, European and international level.
The rights of the Data Subject
As well as seeking to ensureis being adequately protected, the GDPR is now making it essential that all subjects must be informed of how that is , how long it will be kept for, and who it will be shared with. Controllers will be required to provide this information, where possible when asked.
Essentially, if thesubject can prove that the existence of the you are holding on them is infringing their rights or putting them at risk, they have a case for this information to be erased. This may include internet search results, or as we mentioned earlier on, posts on social media.