The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and repealed and replace the UK's Data Protection Act, 1998 (DPA). In the UK, it sits alongside an updated Data Protection Act, the DPA 2018.
The GDPR was introduced to:
Despite sharing many similarities with the 1998 Act, the GDPR introduced a number of changes to data protection practices. Key changes include:
The Regulation relates to:
any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular in reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special categories of personal data
i.e. personal data, revealing:
Note: Data relating to criminal offences and convictions does not fall within the definition above despite being classified as 'sensitive personal data' under the Data Protection Act, 1998. Rules around the use of this type of personal data are covered in Article 10 of the GDPR and sections 10, 11 and Schedule 1 of the DPA 2018.
For further information contact, firstname.lastname@example.org.