The GDPR legislation is a considerable document with 99 Articles and 173 Recitals that outline the new, comprehensive standards of data protection. GDPR was written into law in 2016; however, European organisations were given a 2-year grace period in order to comply with the document. That grace period ends on 25th May 2018.
This regulation can be summarised into seven equally-weighted principles:
1. Lawful, fair, and transparent processing: Explicit consent by the consumer is critical before any personal data can be captured, processed, or stored. It also allows for the ‘right to be forgotten’, where a consumer can request their personal data be deleted. Individuals also have the right to access all their personal data a company may hold.
2. Purpose limitation: Organisations must have a legitimate and lawful purpose for processing personal data.
3. Data minimisation: Organisations should capture the minimum amount of data needed for the specified purpose.
4. Accurate and up-to-date processing: Organisations must employ data controllers to ensure information remains valid, accurate, and for the specified purpose.
5. Limitation of storage in the form that permits identification: Discourages organisations from keeping personal data for longer than is necessary.
6. Confidential and secure: Organisations must protect the privacy and integrity of the data by ensuring its security.
Individuals have considerable rights under the GDPR Regulations and organisations holding personal data must comply with an individual's requests unless there is a lawful basis for maintaining that information. The picture below shows an individual's rights. We have sought to make it clear how you can grant and revoke personal information in the Privacy Notice.