The GDPR which comes into force on 25 May 2018 is intended to update and enhance current data protection legislation to require businesses who deal with EU citizens, including employees, to be transparent about how they use their data.

The GDPR covers the collection, storage and handling of personal and special category data:

  • Personal data is any information relating to a person who can be identified by an identifier such as a name, identification number, location data, online identifier or through specific factors relating to their biological or social identity.
  • Special category personal data is data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, genetic, medical information or orientation. There are additional restrictions when processing these types of data.

Organisations which the GDPR applies to will be subject to the oversight of the data protection authority situated in the EU Member State where the majority of their operations are situated or take place.

Find Out More

Visit our dedicated insights area: