Data Privacy & GDPR
We share large amounts of information about ourselves every day. Technology has changed the way we behave and interact, with more digital communication, the use of electronic funds, social networking, mobile apps, and online services. All of these require our personal data to interact or complete a transaction.
As we change socially and culturally with technology, so do the businesses serving us and –unfortunately – so do the criminals.
So, how can we be sure that the personal data we share is safe online and that we have control of how, when and why it’s used?
Well, the General Data Protection Regulation (GDPR) is there to protect our rights. It ensures that those who collect, use, process and store our personal data do so accurately, protect it and do not misuse it.
GDPR has six key principles that govern data protection.
The use of personal data must meet these criteria:
• Processed lawfully, fairly, and in a transparent manner
• Collected for specified, explicit and legitimate purposes
• Adequate and limited to what is necessary in relation to the purposes for which it is processed
• Accurate and kept up to date • Kept no longer than is necessary for the purposes for which the personal data was collected and processed
• Have in place the appropriate security measures, both technical and organisational, to protect the personal data from unauthorised or unlawful processing, accidental loss or release, destruction or damage
GDPR gives rights to you as an individual. These include for your personal data to be erased if it is no longer required, being told of any breach of your personal data and financial compensation if a business fails to protect you.
Compliance with the GDPR rules is required of any persons, businesses or organisations handling personal data in the EU and those offering products or services into the EU — even when the organisation is not located in the EU. They must abide by rules and principles that include: ensuring personal data is collected and processed lawfully, is accurately held for legitimate reasons, and is adequately protected and erased when requested or no longer required.
Remember data privacy is our right — not a privilege — and it is reasonable to expect that organisations will take accountability for the use and misuse of personal data and that it is kept up to date and safe. So, do you know how this affects your organisation and the work you do?