GDPR and Data Protection
This is a summary of GDPR and how it affects handling of personal data.
What is the GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation that allows EU citizens better control over how their personal data is processed. Businesses that process personal data must maintain records of personal data and processing activities. The GDPR applies to organisations operating within the EU. It also applies to organisations outside the EU offering goods or services to individuals in the EU.
The GDPR and data protection
Under the GDPR businesses that process personal data are obliged to take a 'data protection by design and default' approach. This means that the protection of personal data is a vital part of how processing is managed. Written contracts must be in place with organisations that process personal data. Businesses should use privacy friendly techniques such as anonymisation of fields in data records and encryption in order to protect personal data.
What is considered personal data?
Personal data means any information relating to an individual whether it relates to their private or professional or public life. It can be anything from a name, an address, an IP addresses or a telephone number.
When writing applications you need to consider the content of your data and how it's handled, the Considerations for Application page provides some guidance for how to make your applications on Aculab Cloud compliant with the regulations. This guidance is Aculab's current understanding and is not intended to represent legal advice. If you handle personal data you should obtain independent legal advice regarding your own specific use cases.