GDPR – 7 Key Terms You Need to Know
The General Data Protection Regulation (GDPR) will replace the current Data Protection Act 1998 on 25th May 2018. The introduction of the GDPR will harmonise data protection laws across the EU, and will update the current regulations to take full account of globalisation, and the ever-changing technology landscape.
The significant change means the introduction of potentially new and confusing terminology, so we have had a look at seven of these key terms and what they really mean.
- Personal data –Any information relating to an identified or identifiable natural person. An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
- Sensitive Personal Data- Sensitive Personal Data are special categories of personal data that are subject to additional protections. In general, organisations require stronger grounds to process Sensitive Personal Data than they require to process "regular" personal data.
- Processing – Relates to anything that is done to, or with, personal data (including simply collecting, storing or deleting those data). This definition is significant because it clarifies the fact that EU data protection law is likely to apply wherever an organisation does anything that involves or affects personal data.
- Controller - A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. Under the GDPR, controllers bear the primary responsibility for compliance.
- Processor - Any entity that processes personal data under the controller's instructions.
- Data breaches - Used to refer to the scenario in which a third party gains unauthorised access to data, including personal data.
- Data Protection Officer - Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
The Next Steps
Here at IRIS, we’re at the forefront of GDPR legislation to help make these changes as easy as possible on you and your business.
We have three steps for anyone looking to get a better understanding of GDPR:
1. Free GDPR Health Check
Book your complimentary Health Check today to see where you stand before the regulations come into force.
During the Health Check we will run through:
- Who you need to raise GDPR with to help ensure your business is properly preparing
- How you're storing your data
- Is any of your data stored abroad?
- How quickly could you comply with a Subject Access Request?
- Do you need to appoint a Data Protection Officer?
- Have you considered whether you need to carry out a Data Protection Impact Assessment?
2. Online Training
To help you get GDPR-Ready, we're proud to offer a brand new training course designed to help you start preparing for this legislation: An Introduction to General Data Protection Regulation.
The online course is perfect for anyone who employs individuals or offers services to citizens in the UK and EU. This course highlights the key issues that might affect you as a business and will help you understand the next steps for your business.
3. Effective Software
GDPR is all about how you manage data you hold on individuals. What better time to join the self-service revolution!
With fines of up to €20 million for subject rights failures under GDPR there isn't a better time to see how IRIS's cloud-based, self-service HR software helps your business or practice comply with this aspect and other parts of GDPR legislation. To see how IRIS HR can help you comply with GDPR legislation take a free demonstration below.