Question 1

What is GDPR?

Accepted Answer

GDPR stands for General Data Protection Regulation. It’s an EU (European Union) law, but it affects businesses worldwide to different extents.

The GDPR sets new standards for data protection that:

- Give individuals greater control over their personal data
- Places limits on what organisations can do with personal data.

Personal data is information that allows a person to be directly, or indirectly, identified. Such as a person's name, cookie identifiers, or health information.

Question 2

When did GDPR come into effect?

Accepted Answer

It went into effect on May 25, 2018.

It is written in a general way to allow countries within Europe to make their own small changes to suit their own needs.

Question 3

Why was the GDPR needed?

Accepted Answer

In essence, there wasn’t enough regulation around how personal data was being used by companies, and it was open to severe misuse.

New sanctions and regulations were needed to protect individuals’ rights and keep up with the revolutionary ways in which data is mined. Many would argue that further action is still needed.

Personal data has rapidly become a highly valuable resource. This is because it is used for data profiling, making sales and other processes more efficient, to name but a few!

These actions all drastically increase profits. While we can’t know for sure just how much the industry is worth, the World Economic Forum estimates that it supports a trillion-dollar industry.

Question 4

What does the GDPR actually say?

Accepted Answer

The GDPR has 7 key principles:

- Lawfulness, fairness and transparency

- Purpose limitation

- Data minimisation

- Accuracy

- Storage limitation

- Integrity and confidentiality

- Accountability

Question 5

What is considered personal data under GDPR?

Accepted Answer

Personal data is any information that can identify you. We go into this in more detail on our personal data page, but personal information includes: name; postal address; contact details such as your email address and telephone number; date of birth; ID Numbers such as passport, drivers license and National Insurance number; mobile phone GPS; cookie identifiers; interests (as long as it doesn’t give away ‘sensitive’ data) such as magazine subscriptions, social media and app activity, music and entertainment channels; bank details; insurance details, and more.

Question 6

Who does GDPR apply to?

Accepted Answer

GDPR applies to organisations and individuals. Organisations must adhere to GDPR law as outlined above, and individuals have far greater rights over their own personal data.

Question 7

What is GDPR compliance?

Accepted Answer

GDPR compliance means complying to General Data Protection Regulation. In this blog post, we've laid out what the 7 principles of GDPR are, and the rights that it grants to individuals. Companies that don't adhere to GDPR, who are non-compliant, can face large fines. We've got a fair bit of advice for companies on how to improve their data practices in our blog.

Question 8

Does GDPR mean businesses have to behave differently?

Accepted Answer

Absolutely. The purpose of GDPR is to make data practices fairer, which means giving more rights to individuals over their personal data, and placing restrictions on what companies can do with it.

There are a couple of key implications for businesses:

Financial penalties:

Businesses who do not comply with the GDPR regulations can be fined. The fines for noncompliance are: Up to $23 million or 4% of annual global turnover. For example, British Airways were fined $230 million in 2018 when the booking details of 500,000 customers were stolen in a cyber attack.

Increased spending on data protection:

For most businesses, the GDPR will require greater compliance spending. Businesses must ensure their operational processes and technology are up to the latest standards and protocols.

An opportunity to build customer trust:

These expenses can result in greater trust and confidence from customers. With personal data usage becoming increasingly seen as negative, with loud media coverage on the bad actions of a few organisations, trust with data is becoming a more valuable asset for businesses.

Question 9

What does GDPR mean for you?

Accepted Answer

GDPR gives you as an individual much greater control over their data and secures these 8 rights:

- The right of access means that if you want to find out what data a company holds on you, you can send a Subject Access Request (SAR) and receive a copy of this data.
- The right to rectification means that you can correct your own personal data if it's wrong or out of date.
- The right to erasure means that you can ask for your personal data to be erased. This is also known as the 'right to be forgotten'.
- The right to restrict processing means that you can limit how a company processes your data, for example deleting some of it rather than all of it.
- The right to data portability means that you can share or transfer your personal data from one service to another for your own purpose e.g. Facebook's ability to transfer your photos to a Google Photos account.
- The right to object means that you can object to your data being used in certain ways, like for marketing purposes.
- Rights of automated individual decision-making, including profiling means that a company needs your explicit consent, a contract, or a legal justification for making a decision about your data without human involvement.

To start sending requests to exercise your rights, try our quick and simple request sender.

Question 10

How does the GDPR compare to other parts of the world?

Accepted Answer

According to the International Association for Privacy Professionals, the GDPR is one of the most ‘comprehensive data protection laws in the world to date’.

Although there are many types of privacy legislation in the world, GDPR is most often compared to the California Consumer Privacy Act (CCPA), which is the first big state-wide privacy legislation in the US and came into effect in early 2020. To see how they compare, you can check out our blog here.

GDPR: Everything you need to know

What is GDPR?

When did GDPR come into effect?

Why was it needed?

What does the law actually say?

Related Articles

Everything you need to know about personal data

What is the ‘Ad Tech’ industry, and why have I never heard of it?