General Data Protection Regulations
The General Data Protection Regulation (GDPR) came into force on 25th May 2018,
replacing the existing data protection framework under the EU Data Protection Directive.
Many of the main concepts and principles of GDPR are much the same as those outlined in the previous Data Protection Acts 1988 and 2003 (the Acts). However, GDPR introduced new elements and significant enhancements which will require detailed consideration by all organisations involved in processing personal data, especially the personal data of employees and of clients.
Retention of Personal Data
For all organisations to work efficiently on your behalf and within the law, it may be necessary for them to retain personal data about you on their files or computer records. Examples can include financial information, bank details and sensitive personal data. Prior to signing up to any provider for a service, be it online or offline, you will have to confirm that you are agreeing to ‘opt in’ so that that provider may receive and hold confidential personal data and/or sensitive personal data belonging to you.
You are entitled, subject to certain exemptions, to obtain a copy of the personal data any organisation holds about you and to correct any inaccuracies in this data. Further, you have the right to have any information you have sent to any organisation erased. There are certain exemptions regarding the holding of data in relation to legal matters and employment records by organisations as provided for in the legalisation.
See the link below for a PowerPoint presentation (also in PDF) that our Media Partner, Simon Carty gave on the topic of GDPR. If you are looking for any advice on how to handle and manage your data in light of the new regulations, contact Simon at email@example.com or firstname.lastname@example.org for more information.