The General Data Protection Regulation (GDPR) is a new EU law that came into effect on 25th May 2018. It replaced the Data Protection Act 1998, the changes will remain in place even after the UK leaves the EU.
GDPR gives individuals greater control over their own personal data.
GDPR condenses the Data Protection Principles into six area's which are referred to as the Privacy Principles.
- You must have a lawful reason for collecting personal data and must do it in a fair and transparent way.
- You must only use the data for the reason it is initially obtained.
- You must not collect any more data than is necessary.
- It has to be accurate and there must be mechanisms in place to keep it up to date.
- You cannot keep it any longer than needed.
- You must protect the personal data.