What is GDPR?
Every organisation that holds personal data will be affected by GDPR - that includes personnel records for staff, customer details, sales and marketing prospect information, online identifier data etc.
Organisations will be accountable to the data protection supervisory authorities (in the UK this is the Information Commissioner's Office). Whilst the accountability is not a new requirement, GDPR requires all organisations to record and document compliance with all applicable aspects of GDPR. The Regulations gives individuals more rights in respect of their data, including more control and and visibility of how their personal data is being used, and the right to have that information removed or moved if requested.
What is 'Personal Data'?
Examples of personal data include elements such as:
- Date of Birth
Personal data can also include other less obvious identifiers such as IP address.
Simply put, personal data applies to any data form which a living individual (data subject) could be identified.