The Data Protection Act has always had a fairly broad mandate with personal data however, the GDPR brings in new data and is more aligned to the way we now do business in a connected world. This will mean that companies that were compliant under the Data protection Act, may not be complaint under the GDPR, which considers any data that can be used to identify an individual, directly or indirectly as personal data. In the past, only data controllers were considered responsible for data processing activities, but the GDPR extends liability to all organisations that hold or use personal data, including companies that process data on your behalf.
Look out for our next GDPR blog – What do you need to consider?
Sources: (Privacy lawyer and KuppingerCole analyst Karsten Kinast), White & Case, ICO
Posted 28th February 2017
Would you like to download our mobile app from the App Store?