What is GDPR?
GDPR stands for General Data Protection Regulation. GDPR replaces the previous Data Protection Act. Like the previous Data Protection Act, GDPR provides guidelines and regulations on how data is processed, used, stored or exchanged. It is about keeping people’s personal information safe.
GDPR applies to all organisations that are registered in the EU or have an establishment or subsidiary in the EU.
It also applies to any organisation which sells goods or services to citizens of the EU and processes or monitors the personal data of EU residents.
You are subject to GDPR if:
- Your company has a presence in any EU country
- Your company processes, stores or transmits personal data (any data that can be used to identify an individual) belonging to EU residents, even if you are based outside the EU.
- Your company processes, stores or transmits personal data (any data that can be used to identify an individual) belonging to EU residents, even if it does so on behalf of another company.
GDPR dictates that there must be a chain of documentation to demonstrate accountability. These documents must be written in plain English, and it is important that key people in your organisation are aware of them.
GDPR impacts filing and storing information offline and online, as well as contacting people by email.
Top Tip
You must document your decision-making process when deciding what data to capture and how it is relevant to your business.
This should appear in your Privacy Policy.
Based on this information, can you tell if each of the organisations below is subject to GDPR regulation?
Company Type: Banking and Finance
Employees: 1,000+
Area of Operations: North, Central and South America
Description: The company handles personal information from millions of clients. Some of this information is of a sensitive nature, such as bank account and credit card details.
Is this company subject to GDPR?