An introduction to GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is a new comprehensive data protection law that requires businesses to protect the ‘personal data’ and privacy of EU citizens for transactions that occur within EU member states.
What is personal data?
Under GDPR, ‘personal data’ refers to any information that can be used to identify an individual. A person's name, address, phone number or email address would not be considered ‘personal data’ in their own right, but they could be considered personal data if, when viewed alongside other data, they could be used to identify an individual.
What does this mean for me?
GDPR does not prevent the recording and storing of personal information of individuals who have given you their explicit permission, but data should, where possible, always be entered into the appropriate fields in Oneserve. We recommend that personal data is not entered into free text fields, as this makes it more difficult to systematically store, identify and remove data relating to an individual if required.
For further advice and guidance on what GDPR means to you and for more information on good general data protection practices, please review the links below or discuss this with your employer.
Further advice and guidance
When does GDPR come into effect?
The regulation comes into effect on 25 May 2018.
What are the impacts of non-compliance?
Non-compliance could cost organisations dearly with fines of up to €20 million or 4% of annual turnover of the previous year, whichever is higher.
Why the new regulation?
The GDPR is intended to strengthen the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed. It updates and replaces the individual national data protection laws currently in place across EU member states with a single set of rules across all. For the UK, GDPR replaces the Data Protection Act (DPA) of 1998.
What does GDPR regulate?
The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organisation that processes personal data of EU individuals is within the scope of the law, regardless of whether the organisation has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
GDPR & Oneserve
At Oneserve we are committed to our customers’ success, including compliance with GDPR. We are working to make enhancements to our products, contracts, and documentation to help support Oneserve’s and our customers’ compliance with the GDPR.
What do you need to do now?
Are you struggling with where to start or how to accelerate your GDPR readiness? We recommend you take a look at this helpful guide from the ICO.
Where can I learn more?
We have provided a few links below to other trusted sources of information around GDPR to help you further your understanding of the new regulation.