DATA PROTECTION AND GDPR
The General Data Protection Regulation (GDPR) is the new EU regulation that came into effect on May 25th 2018. It aims to strengthen data protection in the EU and sets out the ways in which the privacy rights of citizens must be protected. The legislation also clearly defines the rules for the person or entity (Data Controller) collecting a person’s information, in order to ensure compliance.
Meaning of Data Protection
When an individual gives their personal details to an organisation, the organisation has a duty to keep these details private and safe. Data Protection legislation intends to protect the right to privacy of individuals, and to ensure that Personal Information is used appropriately by third parties that may have it (Data Controllers). Data Protection relates to any information that can be used to identify a living person, such as Name, Date of Birth, Address, Phone Number, Email address, Membership details, photographs etc.
Data Protection can be summarised in the following ‘7 Principles’:
- Lawfulness, Fairness, Transparency
- Purpose Limitation
- Data Minimisation
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
- Accountability
This legislation sets out the rules on how personal information is obtained, used and stored in a secure way. Every person must give consent for their personal data to be used for a specific purpose. Therefore the option to opt in, and to opt out at any time, must be given to individuals. An individual can request a copy of all of the personal information held about them by emailing the organisation and requesting the Data Access form, and must be allowed to have their data returned to them or deleted if that is the person’s preference.