The General Data Protection Regulations (GDPR) came into force on 25 May 2018. These data rules fundamentally change the way we must store, use and communicate around the data we hold on employees and customers. The individual now has more power to control how businesses use their data – we could be required to report on, move or dispose of personal data at an individual's request.
This creates the need for key changes for many organisations. We must be able to provide individuals with their personal data in a clear manner, we must be able to truly forget data, we must be transparent and clear about all the ways in which the data is being collected and used, including who it will be shared with. When we collect and hold data, we become the data guardian throughout its entire lifecycle including the way that third party providers handle it (must be GDPR compliant).