Data protection is changing − the new general data protection regulations (GDPR)

Personal data can be defined as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.¹ Further to this, ‘sensitive’ personal data, now known as ‘special categories’ of personal data include:

The new General Data Protection Regulations supersede the Data Protection Act (DPA), to standardize data privacy laws and protect an individual's rights in a modern data-driven digital economy.² It comprises 99 articles grouped into 11 chapters. It is applicable to all organizations operating within the European Union (EU), and to non-EU organizations offering goods and services to individuals within the EU.¹ Britain's decision to leave the EU does not affect the implementation and enforcement of this European legislation,³ which came into force on 25th May 2018. The Information Commissioners Office (ICO) has stated that ‘if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from’.⁴ There are, however, new elements and significant enhancements which are applicable to both automated and manual systems.¹