GDPR Staff Guidance

Updated: June 2023

This document is designed to run in tandem with the compulsory online GDPR Awareness Training for all staff.

Other documentation and policies to read include RJ Group Staff Handbook, Privacy Policy and Data Protection Policy.

What is it? – The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world.

Who does it impact? – Though it was drafted and passed by the European Union (EU), it imposes obligations onto organisations anywhere, so long as they target or collect data related to people in the EU.

When did it come into force? – The right to privacy is part of the 1950 European Convention on Human Rights. From this basis, the European Union has sought to ensure the protection of this right through legislation. The GDPR entered into force in 2016 after passing the European Parliament, and as of May 25, 2018, all organisations were required to be compliant.

What are the penalties for violating GDPR? – The GDPR levies harsh fines against those who violate its privacy and security standards. There are two tiers of penalties, the higher of which is capped at €20 million or 4% of global revenue (whichever is higher). In addition, data subjects have the right to seek compensation for damages.

What information does the GDPR apply to? – The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

Lawful basis for processing data – There are six lawful bases under which it is legal to process personal data. A guide to these can be found further on in this guide.

7 Key Data Protection Principles – If you process data, you must do so according to seven protection and accountability principles. These are detailed further on in this guide.

What are data subject rights? – One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data. The GDPR has a chapter on the rights of data subjects (individuals), detailed further on in this guide.

What are the rules on security under the GDPR? – The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used.