What Is GDPR (General Data Protection Regulation): A UK Guide


We all have a right to privacy.

Nowadays it seems that our lives and information are constantly being splashed across the internet. It can seem like the days of keeping information private are slowly slipping away.

However, it’s not all doom and gloom: on 25th May 2018 there was a long-planned shift in the laws that protect the personal information of individuals.

This reform was titled the General Data Protection Regulation, or GDPR. It has now been in place for over three years and has modernised the laws surrounding our privacy.

But what exactly is GDPR? And what does it mean for our online privacy? Let’s take a closer look.

Here’s What We’ll Cover:

What Is GDPR?

Why Was GDPR Introduced?

What Data Does GDPR Protect?

How to Be GDPR Compliant

Key Takeaways

What Is GDPR?

General Data Protection Regulation, or GDPR, is the world’s strongest set of data protection rules. It is a privacy policy that enhances how people can access information. It also places limits on what organisations can do with our personal data.

These regulations were put into place as a framework for data laws across the EU. It helped to replace the antiquated 1995 data protection directive. There was a pressing need for a reformed privacy law as the rise of the internet changed how data can be spread and handled.

The flexibility that GDPR provided led to the creation of the Data Protection Act. This was put into place within the UK in 2018 to supersede the protection law laid out in the 1998 Data Protection Act.

GDPR was lauded as a progressive approach to how people’s personal data should be handled on a legal basis. It put strict limits on various associations and organisations.

The provisions of GDPR are consistent across all 28 EU member states. This means that there is just one standard to meet within the EU – though it is a high standard to reach.

Why Was GDPR Introduced?

With the rise of cybercrime and hacking scandals, there was great public concern over privacy across Europe.

There was an alarming statistic gathered by the RSA Data Privacy & Security Report for companies that deal with consumer data. It stated that 62% of people would blame the company for their lost data if a breach occurred, not the person who hacked their system.

This lack of trust was a key factor in bringing about GDPR as a way to reform how data was handled.

What Data Does GDPR Protect?

There are a number of factors that GDPR covers. Some of the most important ones include:

  • Basic Identity Information: This could be things such as name, address and any ID numbers.
  • Web Data: Things that can be shared over the internet such as your location, your IP address, cookie data and RFID tags.
  • Health and Genetic Data: GDPR protects your medical history and any information that pertains to your health.
  • Racial or Ethnic Data: This would be what race you are or what ethnicity you come from. It would also cover any religious beliefs.
  • Political Opinions: What political views you hold or what you have previously voted for is considered protected data.
  • Sexual Orientation: This could be what gender you define as or which sex you are attracted to.

Every one of these points is considered protected data under GDPR legislation.

How to Be GDPR Compliant

GDPR compliance will change depending on what data you are collecting and how you are collecting it. But the general rules apply to every sector. Under GDPR rules, any person whose data you are collecting must be informed and explicit consent must be given.

For example, if you visit a website, they will have to inform you and ask if they are allowed to collect cookies from you.

Once you have gathered information, you cannot share it with any third party without direct permission. Another rule is that you have to notify visitors of any personal data breach or if their information has been compromised.

Any public authority or business whose core activities surround personal data must employ a data protection officer. This protection officer is responsible for managing compliance with GDPR.

Key Takeaways

The introduction of GDPR and the more stringent data protection rules it has brought about is generally considered a positive step forward for the privacy rights of the general public.

This protection by design gives people the confidence that their information is being looked after. It also means that companies can no longer benefit from selling information to third parties.
