What is the GDPR?
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be implemented into UK law through the new Data Protection Bill, replacing the Data Protection Act 1998 (DPA).
The GDPR preserves many of the principles established in the DPA, but it has a far wider scope and is much more relevant to the way that personal data is created, used and stored in the digital age.
The aim of the GDPR is to give individuals greater control over their personal data. It places new requirements on all organisations, including small businesses, that collect, handle or analyse personal data. Among these is a requirement to comply with six key principles:
- Transparency, fairness and lawfulness in the handling and use of personal data
- Limiting the processing of personal data to specified, explicit and legitimate purposes
- Minimising the collection and storage of personal data
- Ensuring the accuracy of personal data
- Limiting the storage of personal data and retaining it only for as long as necessary
- Guaranteeing the security, integrity and confidentiality of personal data