The General Data Protection Regulation (GDPR) means big changes for any organisation that collects and processes personal data from European citizens – whether or not it is based inside the EU.
We do it every day…
Every day, businesses and individuals transfer vast amounts of personal data throughout the UK and the EU. Names, addresses, email addresses, phone numbers, dates of birth, financial information and medical information are just some of the categories of information that constitute ‘personal data’ for the purposes of UK and EU data protection law.
Everyone has a right to protect their personal data
Under UK and EU law, personal data can only be collected, stored and processed under strict conditions imposed by data protection law (for example, the collection, storage and processing of personal data must be for a legitimate purpose which has been communicated to the individual data subject). In short, individuals have rights, and businesses and other entities have corresponding obligations to ensure that personal data is dealt with in accordance with the law.
The problem with the current state of affairs is that there are different domestic data protection rules and regulations in the 28 (soon to be 27) Member States of the European Union.