Frequently Asked Questions
What is GDPR?
GDPR stands for General Data Protection Regulations and became law on 25 May 2018. It is part of a new Data Protection Bill which covers other things like National Security. GDPR is just one part, and for all businesses it is mandatory.
Contrary to popular belief, GDPR is not going to disappear if and when we do Brexit. The legislation has already been passed and is here to stay.
What does GDPR mean for companies?
GDPR is mandatory for all businesses irrespective of their size and function. Each business should by now have reviewed what information it holds about people, whether employees or customers, as well as its data protection policies, processes and procedures.
Companies will have to demonstrate that they have control of personal information and that they do not use what they hold inappropriately.
Some companies will already be registered under the existing Data Protection Legislation. They will need to continue to be registered and other smaller businesses will need to register as well.
Who does GDPR apply to?
In a word, EVERYONE.
The legislation is EU-based, so it directly impacts everyone who processes data about EU residents, even if you are outside of the EU. If you have EU residents on your email list, as customers, as employees, as contractors or as service providers, then it applies.
And Brexit will make no difference!
Why will GDPR be good for businesses?
There will obviously be varying schools of thought on this. Personally I think it will be. As a business you will have to seek an individual's consent to hold their personal information, for example. Individuals will have to opt in, not opt out.
Unscrupulous businesses who buy data will be negatively impacted. People will have the right to make formal complaints against those who are, for want of a better word, harassing them for money or services.
The majority of businesses have an opportunity to positively engage with people that they want to do business with. It will be about quality information held and not the quantity of information held.
What is personal data under GDPR?
Essentially anything that can be directly linked to an individual. It could be as simple as an email address or phone number, but it includes photos, CCTV, IP addresses, cookies, employee numbers, NI numbers... the list could be endless. If you have something that can identify one person, that is personal data.
What does GDPR stand for?
General Data Protection Regulations
How will GDPR affect HR?
GDPR is linked with IT; however, at the end of the day it is a "people thing". HR will be integral to ensuring that personal data is processed and managed correctly and that policies and procedures are in line with legislation. HR's role is critical.