It’s Back-to-Work Brain you need to worry about!
Have you noticed it too?
No, we don’t mean the weekend already being a distant memory. Everyone’s beavering away again, yet something’s not quite right…
It’s called Back-to-Work Brain and, thankfully, it seems to have affected quite a few of us.
You know you’ve got it if your brain feels like it’s still in weekend-mode, a little rusty from underuse, and possibly in need of a further rest. Either way, it means getting back into full-on work mode hasn’t been easy.
So, if it’s been a struggle to get going again for your everyday job, we can only imagine what it’s like trying to remember any GDPR definitions – which is why we’ve laid on a quick refresher session below for you.
Here are our Top Ten GDPR questions and answers (plus a few extras) to get you up and running again:
What is the GDPR in Simple Terms?
Let’s start with the basics: GDPR stands for General Data Protection Regulation, it’s the new law in town, and came into effect on 25th May 2018.
It’s not to be confused with Goring & Didcot Pirates’ Regatta (which usually takes place in July sometime and probably has revellers bellowing “GDP-aRRRRRRR!” at every opportunity).
What Does ICO Stand For?
This is the Information Commissioner’s Office, which requires every Data Controller (see #3) processing personal information (see #7 and #8) to register with it, unless exempt. Whilst very helpful and supportive, it’s probably not a good idea to get on the wrong side of the ICO.
What is the Role of a Data Controller?
This is usually the organisation (or individuals acting on behalf of the organisation) responsible for determining how and why any personal data stored is processed (see #5).
What is the Role of a Data Processor?
When used in relation to personal data (see #7 and #8), this refers to any person (other than employees of the data controller/organisation) who processes the data (see #5) on the data controller’s behalf (e.g. an external agency providing services for the data controller and with access to its customer data).
What is Data Processing?
This involves any processes to do with the data – from collecting, holding, and organising it to altering, updating, and analysing it; and from retrieving, disclosing, transmitting, and sharing it to withholding, blocking, erasing, and destroying it. It’s so much more than just typing it in…
What Does a Data Protection Officer (DPO) Do?
A DPO is an (often mandatory) appointed role within the organisation, and required by the GDPR to implement and monitor the organisation’s data protection strategy in line with GDPR compliance requirements. It’s nothing to do with a well-spoken robot from Star Wars.
What is Personal Data Under the GDPR?
This is information relating to an identified or identifiable natural person, who can be identified directly (such as by their name, photo, date of birth, or IP address) or indirectly (such as by passport, national insurance number, car registration, or physical characteristics).
What are Special Categories of Personal Data?
This is information on an individual’s ethnicity or racial origin, political opinions, religious beliefs, trade union status, physical or mental health, sexual orientation, criminal record, and genetic or biometric data.
What does Consent mean in GDPR?
This is the person’s freely-given, active agreement for his/her personal data to be processed (see #5). If you currently rely on consent as your legal basis for processing personal data, you must check that it’s still valid under GDPR (and be able to demonstrate that). Say goodbye to small-print, pre-ticked boxes…
What counts as a Data breach?
Okay, here we go: according to the ICO, this is a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service.”
Pretty wide-ranging, then, not particularly great if it happens, and likely to result in a big fine. Just ask Facebook, British Airways, or Marriott Hotels.
An example of words uttered soon after #10 is discovered. These are potentially followed by more words that we can’t write here, and which we believe could be Anglo-Saxon in origin.
This is the term used to describe the bringing together of people and data, usually as part of a winning combination. It’s a bit like gin and tonic, Lennon and McCartney, and teaching the world to sing in perfect harmony.
So, there you have it: an aide memoire to get you into the GDPR groove.
Got Questions…? Contact Us
Contact our team of Data Ninjas: they are always at the end of an email or phone. Don’t hesitate to contact us with any of your GDPR / Data Protection questions.
We hope it helped, and without us sounding too much like we’d swallowed a dictionary. And remember, if you need any more assistance, feel free to get in touch.
Now, it’s back to more Databasix work and the next thing we had written down on our To Do list. Which we have around here somewhere. We think…
See, we told you it wasn’t easy.
Until next time…