The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. Almost any data about a person that is collected may be considered personal data and as such, fall into the GDPR regulations.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible. This is wider than the Data Protection Act’s definition and could include chronologically ordered sets of manual records containing personal data.
While the new GDPR has a number of changes to it and the transition is creating a significant amount of extra work for organisations, it is a good thing. The new GDPR is holding us accountable for the way we process and handle sensitive information, making ourselves and the people we do business with safer in the digital world we live in – not only today, but in the future.