General Data Protection Regulation


In April 2016, after a 4-year consultation process, the final text of the General Data Protection Regulation (GDPR) was confirmed. You can read the full regulation document on the Europa website.

A summary of the document, in simpler English, can be found on the ICO website.

Article 4 defines "personal data" as:

“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”

It's worth reading the regulation in full; however, the main highlights are listed below:

  • Everyone who gives you data - any kind of personal data - needs to know what they're giving you.
  • Everyone who gives you their data needs to be able to access it when they want to, to see what you have on file about them. You need to give it to them within 1 month of them requesting it.
  • People need to be able to update the details you have on file about them and you need to make sure these changes are updated across all platforms you've shared this data with.
  • People have the right to ask you to delete all their data and completely forget about them.
  • People need to be able to complain and they need to be able to stop using your services at any time.
  • Silence, pre-ticked boxes or inactivity does not constitute consent.

The majority of these tasks aren't complicated to implement; however, you'll need to ensure you comply to avoid a possible fine. Contact Hand Coded Studio for assistance with these tasks.

16 January 2018