We can’t quite believe it has been a year since the new regulations came into play!
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).
The GDPR sets out seven key principles:
- Lawfulness, fairness and transparency
We have an appropriate lawful basis for our processing.
- Purpose limitation
We have clearly identified our purposes for processing.
- Data minimisation
We only collect personal data we actually need for our specified purpose.
- Accuracy
We have appropriate processes in place to check the accuracy of the data we collect, and we record the source of that data.
- Storage limitation
We know what personal data we hold and why we need it.
We carefully consider and can justify how long we keep personal data.
We have a policy with standard retention periods where possible, in line with documentation obligations.
- Integrity and confidentiality (security)
We have appropriate security measures in place to protect the personal data we hold.
- Accountability
We take responsibility for the personal data we hold and have appropriate measures and records in place to demonstrate our compliance.