GDPR
On 25 May 2018, the General Data Protection Regulation (GDPR) legislation came into force. These laws govern the collection, storage, processing, and sharing of any personal information of EU-citizens in order to protect their privacy.
GDPR Key Principles:
- Transparency: organisations should clearly communicate what data they collect, why, and how long that data is stored for.
- Purpose Limitation: any personal information can only be collected and used for a clear, pre-determined purpose.
- Data Minimisation: only data that is adequate, relevant, and limited to what is necessary for the purpose may be collected.
- Integrity and confidentiality: personal data must be appropriately secured and protected against loss or theft.
- Consent: personal data may only be collected after express consent by the user.
- Rights: individuals have the right to consult, correct, delete, and transfer all of their personal data.