GDPR FAQs | Frequently Asked Questions (2024)

This page answers frequently asked questions about the GDPR (General Data Protection Regulation).

Questions are grouped by topic – simply use the links below to find the answers you need.

If you have a general question that isn’t answered here, let us know and we’ll do our best to update this page.

Alternatively, if you have a more complex query, why not talk to one of our consultants using our GDPR Ask Us service?

UK data protection law is currently being revised. We are following the progress of the Data Protection and Digital Information (No.2) Bill through parliament and will keep you updated on how it might affect your data processing obligations.

FAQs

GDPR FAQs | Frequently Asked Questions? ›

Can I share a list of individuals' personal data with my business partners (third parties)? Yes, you can, but the GDPR places certain obligations on businesses which share personal data. Your organisation must inform individuals that you will share their data with a third party.

What questions are asked in GDPR compliance? ›

Top 10 GDPR questions answered
  • What is the GDPR? ...
  • When did the GDPR come into effect? ...
  • To whom does the GDPR apply? ...
  • What responsibilities do companies have under the GDPR? ...
  • What kind of information does the GDPR apply to? ...
  • What rules should businesses follow to ensure compliance? ...
  • What are the penalties for GDPR breaches?
Jan 22, 2024

What are the 7 GDPR requirements? ›

  • Lawfulness, fairness, and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation;
  • Integrity and confidentiality; and
  • Accountability.

These principles are found right at the outset of the GDPR, and inform and permeate all other provisions of that legislation.

What are the 4 important principles of GDPR? ›

These principles include the lawful, fair, and transparent processing of personal data; the purpose limitation principle, which emphasizes the need to collect data for specified and legitimate purposes; the minimization principle, which requires organizations to only collect and retain the data necessary for the ...

What are the golden rules of GDPR? ›

Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely.

What are the 4 key characteristics of GDPR? ›

Answer
  • fair and lawful processing;
  • purpose limitation;
  • data minimisation and data retention.

What are the 10 key requirements of GDPR? ›

The 10 Key Requirements of the GDPR
  • Recordkeeping: ...
  • Data Protection Officers. ...
  • Data Protection Impact Assessments. ...
  • Privacy by Design and Default. ...
  • Transparency and GDPR. ...
  • Informed Consent or another Basis for Processing. ...
  • Third Party Processing. ...
  • Data Subject Access Requests.

What are the basic rules of GDPR? ›

Broadly, the seven principles are:
  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security)
  • Accountability.

What does the GDPR legally require? ›

Some of the key privacy and data protection requirements of the GDPR include: Requiring the consent of subjects for data processing. Anonymizing collected data to protect privacy. Providing data breach notifications.

What are the key pillars of GDPR? ›

What are the 7 principles of the GDPR?
  • Lawfulness, fairness, and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitations.
  • Integrity and confidentiality.
  • Accountability.

How to comply with GDPR? ›

10-Step GDPR Compliance Checklist
  1. Know the data you hold. ...
  2. Secure your website. ...
  3. Update privacy policy. ...
  4. Get consent for emails. ...
  5. Add a cookie banner. ...
  6. Check forms on your website. ...
  7. Review data processors or third-party services. ...
  8. Review international data transfer.

What information is sensitive to GDPR? ›

These data include genetic, biometric and health data, as well as personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership.

How to answer a GDPR question in an interview? ›

If you've worked with the GDPR in previous roles, offer an explanation of the type of work you carried out and how the GDPR related to it. You may also wish to mention any strategies you've used to ensure compliance with the GDPR in your previous work.

What is the question GDPR applies to? ›

It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

Author: Errol Quitzon
