What is General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is an EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA, and it applies to any organisation outside the EU that offers goods or services to customers or businesses in the EU. In other words, virtually every major corporation in the world requires a GDPR compliance strategy.

Under GDPR rules, organisations must ensure that personal data is gathered legally and under strict conditions. They are also obliged to protect it from misuse and exploitation and to respect the rights of data owners. The GDPR levies severe financial penalties against those who violate its standards.

How does GDPR apply in the UK?

The Data Protection Act is the UK’s implementation of the GDPR. It controls how personal information is used by organisations, businesses or the government. Every entity responsible for handling personal data has to follow data protection principles which ensure information is:

  1. used fairly, lawfully and transparently
  2. used for specified, explicit purposes
  3. used in a way that is adequate, relevant and limited to only what is necessary
  4. accurate and, where necessary, kept up to date
  5. kept for no longer than is necessary
  6. handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

Friendly Score UK Ltd.

42 Brook Street, Mayfair

London W1K 5DB

Call us on +44 20 3709 6726

Company registered in England

Company number 09168668, ICO ZA111687

VAT registration number 206 9758 80

Authorised and Regulated by the Financial Conduct Authority. (FRN: 821100, 781963)