What is GDPR, and what does it mean for you?
GDPR can sometimes sound complicated, but it’s really just a set of laws designed to ensure that organizations keep your data safe. GDPR stands for General Data Protection Regulation, and it’s EU legislation that applies to any company or government body processing personal data within the EU.
There are seven main principles of GDPR:
- Lawfulness, fairness and transparency: Any company collecting your data should only do so in a lawful and fair way. Transparency means they should be clear about what data they are collecting, and explanations should be given in plain, easy-to-understand language.
- Purpose limitation: Your data should only be used in the specific and limited ways you have given permission for. As an example, if you provide your contact details to a company to access customer services, these details should not be used by that company to contact you for sales and marketing reasons unless you gave them explicit permission to do so.
- Data minimisation: Companies should not collect excessive data about their customers beyond the details that are relevant to the products or services they provide. The period of time for which a company holds on to your data should be kept to a strict minimum.
- Accuracy: It’s important that any data that is held about you is accurate and kept up to date.
- Storage limitation: Similar to purpose limitation, this means the data controller should only store your information for a certain amount of time, which should be specific, limited, and reviewed periodically.
- Integrity and confidentiality: When you share your personal data with a company, they are obliged to take steps to keep it safe. This includes protecting against unauthorised access, unlawful access, accidental loss, or damage and destruction.
- Accountability: Data controllers are responsible for ensuring they are compliant with the GDPR legislation. They must be able to show how they process data and demonstrate how they comply with the legislation.
GDPR officially came into effect in May 2018, so all companies processing data within the EU should by now be fully compliant. If you’re sharing your data with a company, you can ask for information on how it will be processed, what measures they take to keep it safe, and how long they will store it.