There is lots of information out there about the GDPR and its aim to regulate the processing of personal information. When we hear the term “personal information”, we automatically assume that this new legislation aims to protect consumers and to govern how companies store and process their data.

 

But this is a HUGE misconception.

 

The purpose of GDPR is to provide a set of standardised data protection laws across the EU, and to make it clear to all EU citizens how their data is being used, and what their rights are should there be any concerns.

 

So, what is the definition of personal data?

The ICO website says this:

“The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.”

 

It is likely that most companies will hold employee data, which will be regulated under GDPR, but it will also apply to all sorts of transactions, including B2B.

 

As an example, consider marketing to corporate email addresses. The GDPR does not regulate emails sent to a general email address, such as enquiries@company.com, but if the data held about a company includes a personal email address such as joe.bloggs@company.com, then this is considered personal information, and will be regulated. This means that you need to have a justifiable and legal basis for processing.

 

GDPR is necessary to modernise the old data protection laws, which were not designed with our evolving technological world in mind, and compliance is essential.

 

If you are concerned about managing your company’s data under the new regulation, contact our team to find out how we can help.