The General Data Protection Regulation (GDPR) is a regulation in European Union (“EU”) law on data protection and privacy for all individuals within the EU. The GDPR, will replace the Data Protection Act 1998, and aims to simplify the regulatory environment by unifying the regulation within the EU. It imposes new regulations for organisations who engage with individuals’ in the EU, expands individuals’ rights with respect to the processing of their personal data and mandates data security measure appropriate to the risk of personal data.
GDPR applies to any organisation that does business with citizens of the EU and European Economic Area (“EA”), and provides for two key areas with which organisations need to comply:
Consent: Provides greater rights and controls for individuals in the EU as to how their personal data is used
Accountability: Provides for greater accountability and the need for transparency across all organizations (effectively being able to demonstrate compliance with GDPR).
The primary obligation for compliance, and the ability to demonstrate compliance, with the six key principles that govern GDPR lies with the “Data Controller” (the organization dealing with the data subject, and in the case of RMS, the properties that use our software)
Please download the attached PDF for a more in-dept, easy-to-follow RMS guide to GDPR.