GDPR Impact on the Meaning of Private Data

You may know that on 25 May 2018 the General Data Protection Regulation (GDPR) will become a law. GDPR pertains to any business or organization that handles the data of folks who live within the European Union, no matter where the company or organization itself is based.

GDPR goes a great deal further than the directive which has been set up since 1995. It is envisioned to bring consistency to the manner data protection is managed across the European Union, and to make certain that the rights and freedoms of people are protected in this digital era.

What’s Personal Data?

Traditionally, private data has been thought of as information like a name and address. Nevertheless, the meaning of personal data as per the GDPR is a lot more wide-ranging than that. Essentially, data is defined as private if an individual could sensibly be identified from it. This can pertain to one piece of data or various pieces of data that have been grouped collectively.

This could include information like as an Internet Protocol address, which could be used, along with browsing information, to identify a person. You can start to see that the meaning of personal data has turned out to be more wide-ranging, with the introduction of GDPR.

What is Occurring about Consent?

As we stated, one of the main goals of GDPR is to protect the rights of people. This is why there are strict requirements when it comes to using consent as the motive for handling personal data. Naturally, companies and organizations do not necessarily require to have consented to handle personal data, if there are other lawfully valid reasons for doing so. But, if approval is being used as the reason for handling, they need to make sure that:

  • The individuals know what they are consenting to, and consent is categorical.
  • Consent is kept unconnected to other terms and conditions.
  • Personal data is just used in relation to the purpose for which approval is held.
  • An action should be taken to provide consent. This implies that companies and organizations can no more legitimately use pre-checked tick boxes.

It’s vital that all companies and organizations recognize private data, and make certain that approval is in place when needed. Failure in these areas might lead to non-compliance with GDPR, as well as the imposition of fines or other restrictions.