What data does the new General Data Protection Regulation cover?

The Data Protection Act has always had a fairly broad mandate over personal data; however, the GDPR brings additional data into scope and is more aligned with the way we now do business in a connected world. This means that companies that were compliant under the Data Protection Act may not be compliant under the GDPR, which considers any data that can be used to identify an individual, directly or indirectly, as personal data. In the past, only data controllers were considered responsible for data processing activities, but the GDPR extends liability to all organisations that hold or use personal data, including companies that process data on your behalf.

KEY CHANGES TO DATA PROTECTION ONCE THE GDPR COMES INTO LAW

  • The right to be forgotten, requiring an organisation to completely delete data on request
  • Consent must be clearly obtained if you intend to hold any personal data
  • Data must be deleted if it is no longer required
  • Data must be deleted if it is no longer used for the purpose it was intended for, or fresh consent obtained to change its purpose
  • The age of consent for collection of data will be raised from 13 to 16
  • Breaches must be notified to the EU authorities within 72 hours of a breach
  • Organisations managing large amounts of sensitive data must appoint a Data Protection Officer
  • Projects and/or software must be designed with privacy in mind
  • Individuals will be able to sue if they are distressed by non-compliance

Look out for our next GDPR blog – What do you need to consider?

Sources: Karsten Kinast (privacy lawyer and KuppingerCole analyst), White & Case, ICO

Posted 28th February 2017
