You’ve probably heard the term GDPR being thrown around in the media a lot recently, or perhaps at work. The General Data Protection Regulation (GDPR) is a new set of EU regulations which will come into force on 25th May 2018.
Taking over from the Data Protection Act 1998, GDPR sets out new rules on the way organisations handle information, particularly individual personal data.
As a European Union regulation it will affect the UK (as it is still officially part of the European Union at the time GDPR comes into force), as well as any country that deals with information regarding EU citizens.
So what does it mean? As well as maintaining the original principles of the Data Protection Act, GDPR will involve some changes and additions to the way organisations manage data, such as:
- Individuals having increased access and control over their personal information
- Organisations having to obtain clear recorded affirmative consent to use individual data
- Organisations having internal structures of accountability and appropriate security measures in place to protect data
- Appointment of a Data Protection Officer may be necessary to oversee all data management and monitor internal processes in cases where certain sensitive information is handled
For more information, please see the official GDPR website.