Member-only story
The Beginner’s Guide To General Data Protection Regulation (GDPR)
This is article contains information about legal frameworks and compliance related to personal data. Sexy, huh? Maybe not, yet it’s still crucial that you know this stuff.
On the 28th May 2018 the law will change, if you hold any personal information on people within your business, it will affect you. The General Data Protection Regulation (GDPR) is a new European Union regulation that aims to protect personal data, the countdown is on for compliance; will you be ready?
In this post we will explore the new regulations and aim to give you all the information you need within 22 digestible facts and tips.
The Basics
1. The GDPR applies to all organisations that serve the citizens of the EU. So even companies who are based outside of the European Union but have customers within it, are still expected to comply.
2. It doesn’t matter how big or small your business is, this law applies to everyone.
3. According to the GDPR personal data is defined as information that is private, professional or public. Examples include names, addresses, emails, bank details, medical information and an IP addresses. You might be surprised to learn that photographs and even social media posts are considered as personal data within the regulation.
4. Information from national security or law enforcement is not part of the personal data classification by the GDPR.
5. One of the intentions of the regulations is to stop companies making unfair decisions using algorithms. It has been argued in the past that algorithmic decision making are fairer because they are removed from human judgement. Of course along with judgement, compassion has also been removed and this process has been criticised for excessive discrimination.
6. Under the new regulations if decisions about EU citizens are made using algorithms, they can be legally challenged.
Deleting data
7. After May 18th 2018, people can request that companies delete their personal data.
8. All organisations will have to delete information when the purpose for its collection is no longer relevant.
