The New General Data Protection Regulation (GDPR) came into force on 25thMay 2018. This affects all organizations that hold personal data. GDPR gives individuals more control over how their data is used, and it ensures that organisations protect personal data better.
What constitutes personal data?
Any information related to a natural person or 'Data Subject' that can be used to directly or indirectly identify the person is personal data. It can be anything from a name, an address, a photo, an email address, bank details, medical information, or a computer IP address.