What is GDPR?
GDPR is Europe's new framework for data protection laws which will replace the 1995 data protection directive. It follows many of the principles of the current Data Protection Act.
Why has GDPR come in?
To protect personal information from being used by organisations against their wishes and without their knowledge. GDPR ensures businesses are held accountable for the safeguarding and storing of all client data they hold.
What constitutes 'Personal Data' under GDPR?
According to the ICO, personal data is any information related to a person, that can be used to directly or indirectly identify that person.
Details that count as personal data have been extended to include online identities, such as:
-
work email address
-
personal email address
-
phone numbers
-
online identities/usernames
-
cookies
-
IP address
-
health records
-
biometric data
-
genetic data.
Read More about definitions in GDPR here.
GDPR - Post Brexit
Although the UK are planning to leave the European Union, as the GDPR legislation was agreed prior to Brexit, it will still come in to force in UK law.
Once the UK has left the single market the British courts will be able to change any laws previously set by the European Union, however until such a time the UK make changes, the GDPR's legislation will be enforced as UK law.