What is GDPR?
GDPR refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
This legislation regulates the “Processing” of “Personal Information” (the GDPR’s own term is “personal data”).
“Personal Information” means any information relating to an identified or identifiable living natural person. Unlike some national laws (for example South Africa’s POPIA), the GDPR does not protect juristic persons such as companies or close corporations; a sole proprietor is covered only because the information relates to the individual behind the business. Personal Information includes, but is not limited to:
- contact details: email, telephone, addresses etc.
- age, sex, race, birth date, ethnicity etc.
- medical history and other health data (including blood type), employment, financial, educational and criminal history, and biometric information (health, biometric, racial or ethnic origin and criminal data are “special categories” under the GDPR and attract stricter conditions)
- private and business correspondence
“Processing” means anything that is done with Personal Information, from the moment it is collected: recording, storage, use, alteration, retrieval, disclosure or dissemination to third parties, restriction, erasure and destruction, whether the operation is automated or not.
Personal information is an asset
For most businesses, personal information is an asset. Whether it is central to their services or only used for marketing, there is value in holding personal information that is accurate and up to date (which the GDPR requires as a condition of lawful processing) and that is kept secure (a further condition of lawful processing). The loss of or damage to this asset results in loss of trust and reputation and can lead to loss of profit.
Some GDPR obligations are to:
- Collect only the information required for a specific, stated purpose
- Apply appropriate technical and organisational security measures to protect the information
- Hold the information only for as long as it is needed for that purpose
- Allow the subject of the information to see the data held about them upon request (a “subject access request”, which must normally be answered within one month)
When will I be affected by GDPR? Does GDPR really apply to me?
Compliance with the GDPR is mandatory for every organisation that falls within its scope, not only those based in the EU. The GDPR makes it unlawful to collect, use, store or otherwise process the personal information of individuals unless this is done in accordance with its provisions.
The GDPR was adopted in April 2016 and became enforceable on 25 May 2018. As an EU regulation it applies directly and in the same form in every EU member state, although member states may legislate on certain permitted derogations.
Any organisation that processes personal information about individuals who are in the EU may have to comply with the GDPR, even if it has no business presence in the EU. Note that the test is where the individual is located, not their citizenship. The territorial criteria are:
- An establishment in an EU country, where the processing takes place in the context of that establishment’s activities.
- No establishment in the EU, but the organisation offers goods or services to individuals in the EU (whether or not payment is required) or monitors their behaviour within the EU.
- If you collect information in RSA from individuals located in the EU, the GDPR (General Data Protection Regulation), which has applied since 25 May 2018, may therefore govern what you do with any information collected.