What is the ‘GDPR’?
The General Data Protection Regulation is an EU law that came into effect on May 25, 2018 applying across all EU member states including Ireland in order to protect and safeguard the privacy rights of individuals.
Who does GDPR apply to?
In essence, it is difficult to think of a business that GDPR does not apply to because in order to do business most organisations need to collect personal data. GDPR applies to any individual or organisation that processes personal data so if you have a ‘Contact Us’ page on your website for individuals to submit their details, then you are collecting (and therefore processing) their personal data.
The GDPR does not just apply to large companies but also individuals, SMEs, not-for-profit organisation and community groups.
There is little difference in the application of the GDPR whether you are a large company, a SME or an individual. Very few exemptions under the GDPR apply to SMEs, one example would be that you may not be required to keep records of processing activities if you have 250 or less employees (depending on the type of personal data that you process). Apart from that, there are few differences in the application of the regulations based on the size of an organisation.
“Personal data may be held by an organisation in various forms such as emails, or CCTV recordings of individuals.”
What is ‘personal data’ and ‘processing’?
‘Personal data’ is any data that relates to an identifiable living individual. The definition of ‘processing’ of personal data is very wide and includes collecting, recording, storing, adapting, using, disclosing and deleting data.
Therefore, an organisation is ‘processing’ personal