GDPR: back to basics
Technological advancements over the past 25 years have not only transformed our lives but also significantly changed the way organisations collect and process personal data. In response to these advancements, there was a need to revise existing rules in order to protect the personal data privacy of EU citizens.
In 2016, the EU adopted the General Data Protection Regulation (GDPR), which came into force on May 25, 2018, giving member states two years to fully implement the regulation. The GDPR replaces the EU Data Protection Directive 95/46/EC and is now recognised as law across the EU.
The GDPR defines the key principles that organisations need to observe when processing personal data. Organisations are required to process personal data in a lawful, fair and transparent manner. Personal data should be collected for a specific, explicit and legitimate purpose, and the personal data collected must be adequate and limited to what is necessary.
Organisations must define retention periods and have an obligation to take all reasonable steps to ensure that personal data is kept accurate and up to date. Moreover,...