Who does the GDPR affect & what does it apply to?
The GDPR applies to every business within all 28 EU Member States, as well as those outside the EU that process the personal data of EU residents. In the UK we also have our national data protection rules through the Information Commissioner's Office (ICO), which will continue to apply until a decision is made on how these are to be treated as a result of GDPR. So, for now, UK Data Protection laws and GDPR will both apply to UK organisations.
What does GDPR apply to?
The GDPR applies to personal data, similar to that provided for under the Data Protection Act 1998 (the DPA), so it’s nothing that we don’t already know about. Personal data is information relating to an identified or identifiable natural person. Under the GDPR this will now be extended to online identifiers, such as an IP address. Special categories of personal data/sensitive data, such as sexual orientation and religious beliefs, continue to be covered, and will also be extended to include genetic and biometric data.
For further practical advice on GDPR read our Whitepaper – What you need to know, by signing up to Gravicus Osprey where you will gain access to our Resource Centre and data management tools, including a free Data Protection Impact Assessment (DPIA) tool.
Contact Gravicus for an initial data assessment to fully understand your organisation's current level of risk exposure, and we will provide recommendations for managing identified risks to the point of compliance using our simply smart tools in the cloud.
Telephone: 0203 858 0636