Personal data is any information that can be used to identify an individual. Examples include a name, a photo, an email address, bank details, posts on social networking websites, medical information and more.
Personal data needs to be protected in order to avoid identity theft and fraud. But what happens when your organization collects personal data?
Organizations need to have a lawful basis for processing personal data. In the UK this means being GDPR compliant. The General Data Protection Regulation (GDPR) came into force on 25 May 2018, replacing the 1995 Data Protection Directive 95/46/EC as the main EU legislation on data protection. The GDPR gives individuals in the EU more control over their personal information and imposes tougher penalties for non-compliance by organizations handling this information.