Some frequently asked questions and answers about GDPR
Here are some frequently asked questions about the GDPR and why we’re making changes to our contract. If you have any questions that we haven’t answered, please have a look at the ICO’s guide to GDPR.
What is the GDPR?
GDPR stands for the General Data Protection Regulation. It’s a new, European-wide law that replaces the Data Protection Act 1998 in the UK. The UK has now made this into a law, called the Data Protection Act 2018 and it involves the protection of personal data and the rights of individuals. It also places more obligations on how organisations handle personal data.
When does GDPR come into effect?
It came into effect on 25 May 2018.
Who is affected by the GDPR?
It applies to all business activities of EU-based organisations that involve processing personal data, even if the processing itself isn’t taking place in the EU. It also applies to any EU residents’ personal data processed by non-EU organisations if they are offering goods or services to those EU residents. And, it applies if those organisations are monitoring EU residents’ on-line activity when that takes place in the EU.
What do you mean by data processing?
Data processing is anything we do with personal data such as collecting, recording, organising, structuring, storing or adapting it. It also includes how we manage and store personal data so that we can provide you with relevant products and services.
What is personal data?
The law tells us that it is any information relating to an ‘identified or identifiable natural person’ that can be used to identify them; for example, a name, address, telephone number, or IP address. GDPR applies only to personal data of a living person and not to anybody who is deceased.
What responsibilities do organisations have under this new regulation?
Many of our responsibilities aren’t new, they were already covered by the previous law. GDPR just aims to create more transparency and give more control to individuals over how organisations collect, store and process their personal data.
What effect, if any, does Brexit have on GDPR?
UK businesses still need to be GDPR ready for two reasons. Firstly, GDPR became law on 25 May 2018, which is before Brexit. Also, the UK government has put in place the Data Protection Act 2018 as part of the EU Withdrawal Bill.
What has Active Web Learning done to be GDPR Ready?
Active Web Learning upholds the highest standards of data privacy. We’ve taken the key steps to ensure that we’re in line with GDPR and we view the commitment to the highest standards of data privacy as an ongoing process. We’ll continue to collaborate with the regulatory authorities as required to share details of the extensive programme of work we’ve been running to achieve compliance.
We’ve undertaken the extensive programme of work since early last year to ensure that we’re in line with the new regulations. Key steps include:
- re-writing our main customer-facing privacy policies
- creating a system to allow tight management of data across systems
We’re confident that we’ve already taken the most important measures that most directly impact on our customers’ rights and the protection of their data. Upholding high standards of data privacy is already a key part of our business, so we’ll continue building on the work to continue to enhance the privacy culture throughout our business.