The General Data Protection Regulation (GDPR) is a new EU law that regulates how the personal data of EU residents can be collected, used, and processed by businesses. Under GDPR, individuals have rights of access, rectification, erasure, restriction and objection, and the right not to be subject to automated decision-making, with respect to their personal information.
What constitutes Personal Information?
Personal data is any information that relates to an identified or identifiable living individual, e.g. name or email address.
Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data, e.g. name and physical address/IP address.
Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law.
Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.
What does GDPR mean for my business?
GDPR gives individuals more rights when it comes to the collection and processing of their personal data. As a result, GDPR provides new guidelines for any business that collects or processes the personal data of its EU customers.
GDPR defines ‘personal data’ as “any information relating to an identified or identifiable natural person.” The new regulation includes expanded rights for individuals regarding their personal data, additional security requirements for organisations, and rules on how they transfer personal data both within and outside of the EU.
The GDPR covers any EU citizen, which means that it can also apply to any US business that provides services to any EU citizen. As it is common for online businesses to bridge borders, it may require businesses across the EU and globally to review and rethink how they handle and protect personal data.
GDPR requirements set the new standard for data protection. A direct benefit is that it creates improved transparency and trust between businesses and their customers.
If you wish to read up on GDPR in more detail, this is a great guide which covers the day-to-day responsibilities of businesses when handling the personal data of their customers.
Please note that this post does not include any legal or professional advice. You should consult with your legal counsel and IT experts for compliance with privacy and data protection laws.