Welcome to the GDPR Decoded deep-dive guide to the General Data Protection Regulation (GDPR).
These pages are a detailed look at the various aspects of the General Data Protection Regulation (GDPR), with a focus on how each part of the regulation will affect small and medium sized organisations (SMEs), whether they be commercial or not-for-profit, in the UK. There's also a shorter GDPR Summary version of these pages that features a subset of the information in this guide.
This document is based on the only two sources of information that are truly authoritative at this point, namely:
- The GDPR itself, including the recitals (which are a series of clarifications and extensions to the GDPR's contents that have been officially incorporated into the regulation)
- The views of the Information Commissioner's Office (ICO), who are responsible for implementing and enforcing GDPR in the UK, in particular:
The aim of this document is not to reproduce and reword the contents of the above documents, but instead to provide an alternative 'way-in' to GDPR for the as yet uninitiated.
This document has sections that cover all of the main parts of the GDPR that apply to small and medium sized organisations. In each section we will include the headline detail of that part of the GDPR and then a series of examples and observations of what that part of the GDPR means to your organisation.
Each section will also include links to the relevant parts of the GDPR, the relevant Recitals and the relevant part of the ICO's Overview of the GDPR. The idea is that you read this document to get the gist, then read the content at each of those links to get the full detail. We are assuming that many people will use the ICO's Overview as a starting point, so we have followed a similar structure to that document. This series of articles could be considered a companion piece to the ICO Overview.
All of the above-mentioned source documents are well written in plain English and are thoroughly understandable without the need for any prior knowledge of data protection or European law. The slight exception to that is the ICO site, which makes frequent mention of the Data Protection Act (DPA), especially in the introduction. If you don't know the DPA well, don't be put off from continuing to read the ICO content; it is invaluable even if you have to skim over the DPA parts.
It cannot be overstated that this document, and indeed this entire site, are primarily our opinion and our understanding of the GDPR. We are not lawyers or data protection experts; we are a software company seeking to understand the GDPR so that we can fully comply with it ourselves, fully comply with it in our role as a data processor, and advise our customers correctly on how GDPR affects their systems. You should read the GDPR yourself, and if you are new to data protection we would strongly recommend employing the services of a GDPR expert to assist on the path to compliance.