Business owners across the country are spending time and resources preparing for the General Data Protection Regulation (GDPR), which will take effect from 25 May 2018.
One of the key words that you'll hear in the context of the GDPR is 'processing' of personal data.
But what does it mean?
'Processing' means any operation/activity which is performed on personal data, whether or not by automated means. Examples of processing activity include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The principles of GDPR
The GDPR provides 6 guiding principles that you must follow if you process personal data as mentioned above. It must be collected and processed:
- Lawfully, fairly and in a transparent manner;
- For specified, explicit and legitimate purposes;
- In a way that is adequate, relevant and limited to what is necessary for your stated purpose of processing;
- Accurately and kept up-to-date;
- Kept in a form that allows for identification of data subjects (individuals) for no longer than is necessary;
- In a manner that ensures appropriate security of the personal data through the use of technical and organisational measures.
The GDPR states that businesses must not only comply with these principles but also demonstrate their compliance with them.
The Information Commissioner's Office (ICO) has issued detailed guidance on the GDPR for small organisations. The guidance can be found here.
Under the GDPR, the data protection principles set out the main responsibilities for organisations.