The GDPR

The General Data Protection Regulation (GDPR) came into force on the 25th May 2018. It introduced 99 articles that define how personal data should be handled and protected, with 173 recitals supporting those articles. These are now enshrined in UK law via the Data Protection Act 2018.

Your company needs to be compliant with concepts such as the ‘Lawful Basis for Processing’, Data Breaches, Subject Access Requests, the right to erasure and many, many others. It may need a Data Protection Officer. GDPR has brought about a change in the way data is viewed: from being a right to being privilege.

GDPR has six key principles to protecting personal data and seven rights of data subjects. These should underpin every type of processing your company does. Applying these to your organisation gives you a good head-start in becoming compliant.