Learn more about some of the issues surrounding GDPR by reading our FAQs.
If you have a specific question that you think should be on our list, just use the contact us form to get in touch.
What is the GDPR regulation?
The General Data Protection Regulation is a new EU regulatory regime coming into effect in May 2018. The UK has signed up to the GDPR and will continue to implement it despite Brexit.
What are the main issues for companies with GDPR?
There are many areas that businesses must focus on to prepare themselves for this change.
Some of the key issues that businesses need to consider are:
For more background on how to prepare for GDPR, read this paper from the Information Commissioner’s Office, 12 steps to take now.
Where can I find out about GDPR definitions?
The full list of GDPR definitions is in Article 4, which can be found here: https://gdpr-info.eu/art-4-gdpr/
What is personal data under GDPR?
Personal data is information relating to a person, where that person can be identified by using a piece of data, such as a name, email address, etc. Even an IP address or mobile number can now be classed as personal data.
Is a name and address personal data under GDPR?
A common name, Robert Jones, on its own may not be personal data. However, if presented along with other data, such as an address or date of birth, then it would constitute personal data. Unusual names may, on their own, constitute personal data.
What is sensitive personal data?
Sensitive data is data that, if misused, might cause harm to an individual. This includes information about race or ethnic origin. Genetic and biometric data are also included, if they can be used to identify an individual.
What is personally identifiable information?
Personally identifiable data is data that directly identifies an individual, e.g., mobile number, email address, national security number.
What is pseudonymous data?
Pseudonymous data is personally identifiable data that has been subjected to encryption. It still falls under the GDPR, but some of the rules are relaxed, in particular the notification of data breaches.
What is a Data Protection Impact Assessment?
A DPIA is an assessment that must be carried out every time you make a change to a system which may affect contact data. Using cloud-hosted software generally offloads this responsibility and reduces the need for you to produce a DPIA every time a change is made to the system. This is subject to what is being changed and the configurability of the cloud software.
What is a data controller under GDPR?
The data controller is the person, company or organisation who decides how and what processing is undertaken.
What is a data processor under GDPR?
A processor is a person, entity or company that carries out the processing of data. Processing means any operation on the data (e.g., collect, record, retrieve, organise, etc.), whether automated or not.