What is Data Protection?

It is a set of rules governing the privacy and security of personal data, laid down by the European Commission.

Any piece of information that can be used to identify an individual is considered personal data. Data protection is therefore the process of safeguarding this information from misuse, identity theft and corruption, to name a few risks.

What does GDPR mean?

The EU General Data Protection Regulation (GDPR) defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’) ... in particular by reference to an identifier such as a name, an identification number, location, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Types of personal data include names, addresses, phone numbers, email addresses, dates of birth, bank account and credit card numbers, etc. The list may change as the legislation is updated.

What are the legal terms of GDPR?

The main legal terms of GDPR are as follows:

  • Personal data: any information that relates to an individual.
  • Data processing: any action performed on the data; collecting, storing, organising, or any other operation involved in handling data.
  • Data subject: the individual whose data is being processed.
  • Data controller: the party that decides why and how personal data is processed; if you are a business owner or employee who handles data, this is you.
  • Data processor: a third party that processes personal data on behalf of your business.

How can I protect my customer and employee’s personal data?

  • Identify the personal data you hold
  • Conduct a risk assessment
  • Implement a security and breach procedure to ensure the data is protected
  • Collect data only on a lawful basis; you should ensure you have a justification for collecting it
  • Collect only the data that is needed for the primary purpose of your business
  • Be transparent about the reason you are collecting the data
  • Check whether the data falls into the category of sensitive data
  • Decide whether you will need to retain the services of a Data Protection Officer

It is essential that you ensure compliance with the GDPR. There are fines and penalties for a business that breaches the rules, which can reach up to €20 million or 4% of global revenue.

GDPR – Data Protection during COVID-19

Data protection law does not stand in the way of the provision of healthcare or the management of public health issues. Nevertheless, there are important considerations that apply when handling personal data in these contexts, particularly health and other sensitive data.

Measures taken in response to COVID-19 that involve the use of personal data, including health data, should be necessary and proportionate. Decisions in this regard should follow the guidance and directions of public health authorities or other relevant authorities.

Data protection is essential to keep your customers’ and employees’ information safe and to protect your business from a data breach.

We can help you protect your data. CSR Readiness® enables you to assess your risk in handling personal data, remediate your processes, implement policies, train staff, and continue to monitor and audit as required by laws and regulations.
