The big question on everybody’s lips is ‘What is General Data Protection Regulation (GDPR)?’ and the next question is ‘What do I need to do as a business to comply?’ This article aims to give a quick overview of GDPR and its aims and objectives.
This article is not intended to give an exhaustive insight into GDPR. There is a dedicated website with full details and advice that you can visit for a more in-depth analysis. Visit the Information Commisioners Office website for full details on GDPR. There is also a ’12 Steps to GDPR’ PDF document you can download’
The General Data Protection Regulation comes into force on 25 May 2018 in the UK. It expands the rights of individuals to control how their personal information is collected and processed.
The Regulation demands that you be able to demonstrate compliance with the data protection principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.
GDPR applies to personal data. This is any information that can directly or indirectly identify a natural person, and can be in any format. The Regulation places much stronger controls on the processing of special categories of personal data. The inclusion of genetic and biometric data is new.
Personal data includes:
Under the GDPR, individuals can ask for access at “reasonable intervals”. Data controllers must generally respond within one month. The GDPR requires that controllers and processors must be transparent about how they collect data, what they do with it, and how they process it, and must be clear (using plain language) in explaining these things to people.
Individuals have the right to access any information a company holds on them, and the right to know why that data is being processed, how long it’s stored for, and who gets to see it.
In addition, under the GDPR, individuals have the “right to be forgotten”. Individuals have the right to have their personal data data deleted “without undue delay”, at their request.
Blackberry is a creative design agency. We work with businesses in Redditch, Worcester, Birmingham, the Midlands and nationally. We help our clients build strong brands that can create loyalty and add value.
Got any questions about GDPR and how it might affect your marketing activity? Speak to Blackberry Design to see what we could do for your business. Get in touch on 01527 517309 or fill in our contact form.