There is lots of information out there about the GDPR,
and its aim to regulate the processing of personal information. When we hear
the term “personal information”, we automatically assume that this new legislation
aims to protect the consumer and how companies store and process their data.
But this is a HUGE misconception
The purpose of GDPR is to provide a set of standardised
data protection laws across the EU, and to make is clear to all EU citizens how
their data is being used, and what their rights are should there be any
So, what is the
definition of personal data?
The ICO website says this;
“The GDPR applies to ‘personal data’ meaning any information relating to
an identifiable person who can be directly or indirectly identified in
particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute
personal data, including name, identification number, location data or online
identifier, reflecting changes in technology and the way organisations collect
information about people.
The GDPR applies to both automated personal data and to manual filing
systems where personal data are accessible according to specific criteria. This
could include chronologically ordered sets of manual records containing
Personal data that has been pseudonymised – eg key-coded – can fall
within the scope of the GDPR depending on how difficult it is to attribute the
pseudonym to a particular individual.”
It is likely that most companies will hold employee data,
which will be regulated under GDPR, but it will also apply to all sorts of
transactions, including B2B.
As an example; marketing to corporate email addresses. The
GDPR does not regulate emails sent to a general email, such as email@example.com, but if the data
held about a company includes a personal email such as firstname.lastname@example.org, then this is
considered personal information, and will be regulated. This means that you
need to have a justifiable and legal basis for processing.
GDPR is necessary to modernise the old data protection
laws, which were not designed with our evolving technological world in mind,
and compliance is essential.
If you are concerned about managing your company’s data
under the new regulation, contact our team, to find out how we can help.