The General Data Protection Regulation 2018 (GDPR) introduces the need for organisations to be more accountable in the way that they collect, use, store and dispose of personal information. It also gives individuals more control over their personal information.
You are now required to explain what information you have, why you have it, what you do with it and who you share it with.
This advice, which is based upon the ICO’s guidance GDPR: 12 steps to take now, summarises the changes and additional requirements introduced by the GDPR.
Protecting personal information provides an overview of all your data protection requirements, including the new requirements.