GDPR
'Personal data' means any data which can uniquely identify an individual, such as name, address, telephone number, email address, NI number etc.
If you store any data like this then the legislation applies to YOU. If you do not store personal data then it does not apply to you. If you only store details of companies (for example) then you are exempt.
To sum it up in a few words - you are responsible for the security and accuracy of any personal data that you hold and must treat it responsibly. If anything goes wrong then you must inform your Supervisory Authority of the problem within 72 hours. There are simply no excuses for failing to comply with the Regulations.
There is a notable change from having to Opt Out of communications to now having to Opt In. The requirement to respond to a request for a copy of personal data is reduced to 30 days. There is also a requirement to 'forget' an individual and remove all traces from your systems.
It is important to realise that if you store data on a third party computer which is not under your direct control, such as on the web, then you are still responsible if anything goes wrong.
The Information Commissioner's Office page relating to this is at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
As a company we only store a limited amount of personal data, usually only a contact name, but it is possible that we could sometimes store a personal address, phone number or email address. Our Supervisory Authority is the Information Commissioner's Office at https://ico.org.uk