The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for individuals within the European Union, and it also governs the transfer of personal data outside the EU.
The GDPR will apply in the UK from 25 May 2018 and the government has confirmed that the UK’s decision to leave the EU will not affect its commencement of the GDPR.
The following article is only a summary of our findings and if you store, use or handle individuals' data you should ensure you are fully up to speed on this legislation by visiting the ICO website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Who does the GDPR apply to?
The GDPR applies to 'controllers' (who decide why and how personal data is processed) and 'processors' (who process personal data on a controller's behalf). In short, any business that stores, uses or handles personal data, whether for itself or for its clients, will be affected by the new GDPR legislation.
What information does the GDPR apply to?
Personal Data - any information relating to a living individual who can be identified, directly or indirectly, from it. For example: name, email address, telephone number, account number, IP address, etc.
Sensitive Data (the GDPR calls these 'special categories of personal data') - information such as political opinions, religious beliefs, sexual orientation, health data, racial or ethnic origin, trade union membership, and genetic or biometric data. Processing this data requires a stricter legal basis, such as explicit consent.
Key Aspects of GDPR
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
A full description of each of these areas is provided on the ICO Website.
How Should a Website Support GDPR?
The following is a summary of what we think are important features and requirements of a website:
- Ensure all sign-up forms clearly describe what the individual is signing up for
- Ensure all secondary sign-ups (e.g. an opt-in tickbox on an enquiry form) have the opt-in tickbox UNTICKED by default. Consent under the GDPR must be a clear, affirmative action by the individual, so a pre-ticked box does not count as valid consent (Recital 32).