Data Protection Q&As

Q: What is GDPR?

GDPR is the toughest privacy and security law in the world and has been in effect since 25th May 2018.

 

GDPR applies to any organisation operating within the EU as well organisations outside of the EU which offer goods or services to customers or businesses in the EU. 

 

GDPR is a regulation and not a directive. It is legally binding and cannot be opted out of, or ignored. Fines of up to €20 million or 4% of your company’s global turnover can be levied if regulation is ignored.

Q: Why has the GDPR been introduced?

GDPR has been put in place to provide EU citizens control over their personal data, ensuring the storage and handling is:

 

• Lawful, used in a fair way and transparent to the data subject
• Used for the purposes as described to the individual when it was collected
• Limited, only collect the information that is absolutely necessary
• Kept up to date and accurate
• Stored securely and for as long as is necessary for the purpose originally specified

Q: What is personal data?

Personal data is information that identifies someone personally and tells you something about them such as their name, place of work, personal / work email address and / or their home address.

Q: What is a Data Transfer Agreement (DTA)? Why does it exist and what purpose does it serve?

A Data Transfer Agreement (DTA) is an agreement established between organisations that governs the transfer of data from the owner / provider to a third party. 

 

An example is the data transferred from a lead generating product - both parties become joint controllers of the data. There is a legal obligation to set out your responsibilities in a joint control arrangement (the DTA).

 

DTA’s set out the purpose of the data sharing, cover what happens to the data at each stage, sets standards and helps all parties be clear about their roles and responsibilities.