Friday, July 27, 2018

General Data Protection Regulation



On the 25th of May 2018 the General Data Protection Regulation (GDPR) became the law of the land and the wider EU. If you haven’t noticed the effects of this new comprehensive regulation, you will, no matter what area of life you operate in. In this article I will give a very brief overview. To familiarize yourself fully with the GDPR, please visit the site of the Data Protection Commissioner at http://gdprandyou.ie/. The Dáil made 105 amendments to the regulation before passing it into law. You can download the full text of the act in PDF format by visiting https://www.oireachtas.ie/en/bills/bill/2018/10/

The Aims of The Regulation

Some, but NOT all, of the primary aims of the regulation are:

#1 Make companies, individuals, and organizations responsible and accountable for keeping personal information on any citizen of the EU, including justifying why such information is recorded and how long they will retain it, and, crucially, establish the right of every EU citizen to know what information is being kept and to have it corrected and/or deleted. Specific portions of the regulation are targeted at protecting minors.

#2 Provide for severe financial penalties for companies, organizations, and individuals where they are found to be in breach of the regulation.

#3 Eliminate complex or implied agreements to keep and pass on personal information.

#4 Provide a simple mechanism for citizens to register a complaint against any company, individual, or organization that they believe is in breach of the act.

#5 Require companies, individuals, or organizations to respond to citizen requests about personal data.

What Is Personal Data?
The regulation defines personal data as any information which can identify an individual or pertains personally to that individual, and this includes photographs and video.

The Reach of The Regulation
GDPR applies to any company, individual, or organization that records personal data on EU citizens, regardless of whether these entities are located inside the EU or in non-EU countries. Thus a company located in the United States of America that holds personal data on EU citizens is subject to the regulation.

Next month, based on your feedback, I may continue on this subject.