On May 25th 2018, GDPR will come in to force. It will oblige controllers of personal data to process the data lawfully, fairly and transparently. It will compel the controller to collect the data for a specified purpose, which must be communicated to the data subject in a concise and clear manner. The controller cannot collect data that is excessive and hold it for longer than is necessary. The controller must have appropriate technical and organisational measures in place to protect against unauthorized or unlawful processing or the accidental loss or damage to the data.
It is very broad. It is information relating to an identified living individual or living individual who can be identified from the data, directly or indirectly by reference to an identifier or a factor specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual. Special categories of data includes personal data revealing the racial, ethnic origin, political of religions opinions of the data subject, trade union membership. genetic, biometric, health and sexual orientation data.
Again, it’s very broad. It includes collecting, recording, organizing, structuring or storing data. It includes adapting, altering, using, disclosing, restricting, erasing and destroying data. GDPR compels a controller to make a record of all data processing activities.
GDPR brings a array of new rights to protect data subjects. Some include