On 25 May 2018 the General Data Protection Regulations came into effect. This has had a significant impact on every business within the United Kingdom.
The GDPR sets out obligations and responsibilities on organisations who “process personal data”. Under the Regulations where a company / employer does any one of the following activities this is known as “Processing”.
Just doing nothing with personal data is still processing.
Under the Regulations, the definitions have been widened to include all kinds of personal data. Personal data is defined as “any information relating to a data subject”. A data subject is the identified or identifiable natural person to whom personal data relates. e.g. a data subject is an employee, this could also be a customer.
For example the definition includes data where you can identify an individual via their: personal email address, data for logging onto a computer, CCTV etc.
Looking for Privacy Notice Help?