Let’s talk about the GDPR, aka the ‘General Data Protection Regulation’
The GDPR has been in force since the 25th of May 2018. Its predecessor was the Data Protection Act 1998 (DPA 1998), and its goal is to protect individuals online in the EU.
The purpose of the General Data Protection Regulation is to increase the level of protection for individuals online, and it is considered the strongest set of data protection rules in the world. It requires companies to follow strict rules on how they manage, store and process the data they receive from their customers.
That explains the general goal of the GDPR, but what are the principles behind the regulation? There are seven in total, which are the following:
Lawfulness, fairness and transparency
This is the most important principle of the bunch: organisations must be completely clear and honest about what data they need from you, what they plan to do with it, and how they will store it.
All of this must be done in accordance with the rules set by the GDPR.
Purpose limitation
As a company, you must state exactly why you need data from your customers.
The reasons you give must be reasonable and specific, so that your users know exactly what they are signing up for before they give their consent to share their personal data.
Data minimisation
Data sharing should be kept to the minimum possible, so this principle requires companies to collect only relevant and purposeful data, which stops them from storing your information unnecessarily.
Accuracy
Accuracy means organisations must keep the data they hold up to date, correct and, overall, accurate!
Storage limitation
As a company, you should review the data you hold continuously and erase what you don’t need; as stated above under data minimisation, you shouldn’t be holding information that isn’t needed.
There are, however, exceptions that allow information to be kept for certain reasons (public interest archiving, scientific or historical research, or statistical purposes).
Integrity and confidentiality (security)
One of our favourites of the bunch, for obvious reasons. This principle simply means that organisations need to have proper and appropriate security in place for themselves and their customers. Data must stay protected!
Accountability
This is the newest of the seven principles and states that companies are required to take responsibility for the data they hold and to demonstrate compliance with the previous principles.
If you want to learn more about the GDPR, take a look at some of these sources from the UK Government site, BPE and Wired.
And if you want to stay safe online, use our private email service to improve your privacy, and check out our other posts on this blog to give yourself the knowledge you need to be protected online.