How GDPR Affects Personal Data
GDPR applies to ‘personal data’ – information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Personal identifiers constitute personal data, including name, identification number, location data or online identifier.
It is no longer acceptable to believe you have consent to store and process personal data by default. Organisations must explicitly obtain consent and GDPR has toughened the rules for getting and keeping consent.
The main difference is that personal data must be obtained in a way that leaves no room for misinterpretation. This means it must be provided in a clear statement – whether written or spoken.
Data subjects have a number of rights relating to the way organisations collect, store and hold their data. These include:
* The right to be informed
* The right to be forgotten
* The right to restrict processing
* The right to data portability
* The right to object
* The right to access
Understanding how you store, manage and use personal data across your entire business is critical to you becoming GDPR compliant.
We can facilitate this within DytaPro and provide you with a fully effective, compliant solution.