Frequently Asked Questions
What is GDPR?
GDPR stands for General Data Protection Regulations and becomes law very soon, on 25 May 2018. It is part of a new Data Protection Bill which covers other things like National Security. GDPR is just one part, and for all businesses it is mandatory.
GDPR itself is a European piece of legislation that was passed in April 2016 following 4 years of negotiations. The law is basically an update of the current Data Protection Legislation, which has been around since the 1990s. And if we are all honest, quite a lot has changed since then: social media has become bigger, pretty much everyone has email, and technology has improved. And not necessarily for the better.
Essentially, GDPR is designed to give greater protection and rights to individuals' personal information.
What does GDPR mean for companies?
GDPR is mandatory for all businesses. They will be expected to review what information they currently hold about people, whether employees or customers, as well as reviewing their data protection policies, processes and procedures.
Companies will have to demonstrate that they have control of personal information and that they don't use what they do have inappropriately.
Some companies will already be registered under the existing Data Protection Legislation. They will need to continue to be registered, and other smaller businesses will need to register as well.
Who does GDPR apply to?
In a word, EVERYONE.
The legislation is EU-based, so it directly impacts everyone who processes data about EU residents, even if you are outside of the EU. If you have EU residents on your email list, as customers, as employees, as contractors or as service providers, then it applies.
And Brexit will make no difference!
Why will GDPR be good for businesses?
There will obviously be varying schools of thought on this. Personally, I think it will be. As a business you will have to seek an individual's consent to hold their personal information, for example. Individuals will have to opt in, not opt out.
Unscrupulous businesses who buy data will be negatively impacted; people will have the right to make formal complaints against those who are, for want of a better word, harassing them for money or services.
The majority of businesses have an opportunity to positively engage with people that they want to do business with. It will be about quality information held and not the quantity of information held.
What is personal data under GDPR?
Essentially, anything that can be directly linked to an individual. It could be as simple as an email address or phone number, but it also includes photos, CCTV, IP addresses, cookies, employee numbers, NI numbers... the list could be endless. If you have something that can identify one person, that is personal data.
What does GDPR stand for?
General Data Protection Regulations
How will GDPR affect HR?
GDPR is linked with IT; however, at the end of the day it is a "people thing". HR will be intrinsic in ensuring that personal data is processed and managed correctly and that policies and procedures are in line with legislation. HR's role is critical.