GDPR Scope

GDPR is an overdue update for the Data Protection Act implemented in 1998, this is a required update due to the volume of personal data now captured by organisations.

The concept of GDPR is simple, businesses need to be clear about the personal data they hold, why they captured it and what they intend to do with it

We are all data subjects, when you open a bank account do you expect all the information you provide to be kept secure? How would you feel at the potential financial or reputation risk should that data get into the wrong hands?

there is a common misconception that GDPR is related to computer files only, this is not the case. GDPR takes into consideration of all data no matter the medium.

GDPR protects all subjects that reside in the EU no matter if the data is being processed by a EU organisation or not. For example, if you a EU citizen purchase a product from an American company the American company MUST comply with the  regulations.