What is GDPR?
The General Data Protection Regulation, also known simply as GDPR, is a form of European legislation that is aimed at increasing the protection of citizen’s data in the European Union. It replaces the previous 1995 data protection directive which the current UK data protection law is based on.
Approved by the European Parliament in April 2016, businesses were given a two-year transition period to make sure they are GDPR compliant. The legislation comes into effect on 25th May 2018 and any business found not to be compliant could face large fines in the millions.
What data will be protected?
Since the GDPR legislation is all about businesses protecting EU citizen’s personal data, it’s crucial you understand what counts as personal data in the first place. To keep it simple, any data that is collected about someone falls under the new protection law. Some of this data includes but is not limited to:
In addition to this list, anything that is counted as personal data under the UK Data Protection Act also qualifies as personal data under GDPR legislation. Basically, if it’s information that can be used to identify someone, then there’s a good chance it will be on the list.