General Data Protection Regulation

General Data Protection Regulation

Add to your interests
Scroll down

If you conduct business with or use data about individuals who are European citizens the General Data Protection Regulation (GDPR) applies to you. From 25 May 2018 it updated and enhanced existing legislation to make sure both your business and your employees are transparent about how you use data. Discover the latest industry updates around GDPR, as well as more information on what it means for you and your business.


What is GDPR?

Learn more about what GDPR actually means and what’s covered by it, including personal and special category data.

The GDPR applies to you if you collect, store or handle personal and special category data about EU citizens, even if your place of business is outside of the EU:

  • Personal data is any information about a person who can be identified by an identifier such as a name, identification number, location data, online identifier or through specific factors relating to their biological or social identity.
  • Special category personal data reveals racial or ethnic origins, political opinions, religious or philosophical beliefs, genetic, medical information or orientation. There are additional restrictions when processing these types of data.

Key Requirements

Processing personal data must be lawful, fair and transparent, but how can you make sure you’re meeting these requirements?

Fundamentally you’re required to make sure you only use someone’s personal data if you’re transparent about what you’re doing with it and why and you aren’t doing so against their wishes, instructions or legal rights. Your business needs to have appropriate measures in place to protect personal data and to erase or provide copies of someone’s personal data if they ask you to.

You can only process personal data about a person if:-

  • You have their consent; or
  • The processing is necessary and you have given them a privacy notice.

How can I decide if processing is necessary?

If you’re doing it to:-

  • Perform a contract with someone;
  • Meet a legal obligation you’re subject to;
  • Project the vital interests of someone;
  • Take action in the public interest;
  • You’re pursuing the legitimate interests of your business, as long as you’re not overriding someone’s fundamental rights such as their right to privacy.

If you’re processing special category data about someone you’ll normally need their explicit consent.

You can find out more about these requirements in our Loss Prevention Briefing below.




Collect and reference articles, publications and your own contacts list in your personal area.

  • Follow your interests
  • Access to more content
  • Connect with the relevant people
Register

Already registered? Log in