| ITL3 A4.1 |
GDPR is EU legislation that covers the collection and use of personal information. It forces companies and agencies that collect personal data to justify all their uses of it and gives individuals clarity over the kind of data used and how it is used. This video will look at how the legislation works, and what happens if an organisation doesn't comply with it.
- GDPR is EU legislation that covers the collection and use of personal information. It forces companies and agencies that collect personal data to justify all their uses of it, and gives individuals clarity over the kind of data used and how it is used. GDPR was created in response to the huge amounts of very personal data that companies can now collect via digital devices, online shopping and social media. There was already regulation in this area, but the explosion in the collection and storage of personal data we've seen in recent years prompted an update.

  Although GDPR is a piece of EU legislation, it has a massive effect globally. The law applies to information gathered about EU residents so, although a company may have workers, servers, and information held in another location, if they collect the data of EU residents, GDPR applies. Further to this, a lot of international companies use EU-based data processing facilities.

  So what exactly is personal data? Personal data is any information that can be used to identify an individual. This includes names, phone numbers, usernames and locations, including IP addresses. There's another category of personal data called sensitive information that must be treated with extra security. This includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data.

  GDPR also affects the individual in a few different ways. They have to opt in to allow organizations to use that data, which can mean ticking a lot more boxes when using web services. It also means those organizations and companies collecting the data must use very clear language in their communications to help minimize misunderstandings. GDPR has also introduced the right to be forgotten, which means that individuals can now ask for the data to be deleted. However, conditions apply to the right to be forgotten, and it is not absolute.

  There are severe penalties for non-compliance. Companies can be fined up to 20 million euros or 4% of their annual turnover, whichever is greater.

  So to recap, GDPR is legislation that covers the collection and use of personal data. It is EU law, but it affects companies in almost every country. GDPR means that companies must treat their personal information very carefully and the penalties for non-compliance are severe.