General Data Protection Regulation (GDPR) is a new European privacy law that comes into effect on the 25th May.
A lot has been written on GDPR and there is still a lot of confusion. In simple terms, GDPR can be broken down into the following principles:
- Only collect the data you need
- Ask permission before collecting it
- Only use the data for the purpose it was collected
- Make sure that the data is held securely
- Do not keep the data for longer than it is required
Obviously, each of those can be further broken down. For example, holding data securely relates not just to storage but also to who can access it.
If you start with these principles, then implementing GDPR within your organization becomes easier. Make sure that you include both online and offline data: there is no point in having a secure website if someone has printed off customer information and left it lying around the office.
The Information Commissioner’s Office in the UK has a comprehensive guide to GDPR.