What is the GDPR
The GDPR is a set of guidelines for the collection and processing of personal information of individuals within the EU; it will come into effect in the UK from 25 May 2018, taking the place of the DPA, and will not be affected by the UK’s decision to leave the EU.
The GDPR applies to the following:
Data subject – an individual who is the subject of personal data
Data controller – a person who determines the purposes and way that data is processed
Data processor – any person who processes data on behalf of the data controller
Under the GDPR, personal data has a more detailed definition; information such as online identifiers (e.g. IP addresses) will now be classed as personal data. The regulations apply to both automated personal data and manual filing systems where personal data can be accessed.
Personal data must be:
Processed lawfully and fairly.
Collected for specified and legitimate purposes.
Accurate and relevant.
Kept in a form which permits the identification of data subjects for no longer than is necessary.
Processed in a way that ensures full security of the data
Below are a number of documents to support our commitment to GDPR at Brickhouse.