General Data Protection Regulation (GDPR)
What is data protection?
Simply put, data protection is about guarding people from the misuse of their personal information, by creating legal responsibility for keeping that information held as securely as possible.
The General Data Protection Regulation or GDPR is the first major overhaul of data protection in the UK for 20 years. Its purpose is to:
- Give data subjects more rights to their information
- Create more transparency surrounding how organisations and companies use the data they hold
- Ensure that any organisation which collects, handles or shares personal data, does so with a clear and lawful purpose
Frequently asked questions
Training all staff in data protection awareness is part of compliance too. In addition to this an organisation will need to appoint a Data Controller, mainly in the form of a Data Protection Officer. GDPR recommends that organisations should adopt ‘Data Protection by Design’ and this means identifying other people to become Information Asset Owners (IAO) and a board member to become the Senior Information Rights Owner or SIRO. These are recommendations but adoption of such a structure plays an important part in demonstrating compliance.