The General Data Protection Regulation (GDPR) is a new EU data protection law that came into effect on May 25, 2018. The GDPR replaces the 1995 EU Data Protection Directive. It strengthens EU data protection rules by giving individuals more control over their personal data and establishing new rights for individuals. If you collect, process, or use the personal data of individuals in the EU, you must comply with the GDPR.
The GDPR applies to any company that processes the personal data of EU citizens, regardless of whether the company is based inside or outside the EU. If you process the personal data of EU citizens, you must comply with the GDPR unless you can demonstrate that you meet one of the GDPR’s limited exemptions.
The GDPR requires companies to get explicit consent from individuals before collecting, using or sharing their personal data. Companies must also provide individuals with clear and concise information about their rights under the GDPR, and ensure that individuals can easily exercise their rights.
If you are subject to the GDPR, you should review your current practices and policies to ensure that they comply with the new requirements. In particular, you should review the items in this GDPR compliance checklist:
- Consent mechanisms
- Data collection practices
- Data handling and storage practices
- Data sharing practices
- Security measures
You should also ensure that you have appropriate processes and systems in place to respond to individuals’ requests under the GDPR, including requests for access to their personal data, requests for rectification of inaccurate data, and requests for erasure of their personal data.
If you are not sure whether you are subject to the GDPR, you can contact the UK Information Commissioner’s Office (ICO) for advice.
We hope this information has been useful to you.