GDPR
The General Data Protection Regulation (GDPR) was introduced in May 2018 as a response to the UK’s General Data Protection Regulation (GDPR). It replaces the 1995 Data Protection Act and sets out specific regulations surrounding data protection. The GDPR applies to all organisations with EU or national customers and to any type of data, including personal data, processing activities and storage.
Organisations must take steps to protect user data from accidental or unauthorized access, destruction, alteration, or unauthorized use. They must also ensure that data is quality controlled to protect against unauthorized access, alteration, or destruction. Lastly, they must take steps to ensure that individuals have the right to information about their data protection rights and access to it.
Under GDPR, organisations must provide customers with a clear and concise privacy policy that sets out how their personal data will be used. Customers must be able to easily understand what types of data are being collected and how they will be used. They must also be given the opportunity to opt out of having their personal data collected or processed for marketing purposes.
Organisations that process personal data must disclose their contact details so that individuals can exercise their rights under GDPR. They must also provide a mechanism for individuals to lodge complaints about how their personal data has been handled.
The GDPR imposes significant fines on organisations that breach its provisions, including up to 4% of global annual turnover or €20 million (whichever is greater).