Here is a link to the ICO website, which provides guidance on GDPR compliance.
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The main purpose of GDPR is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR sets out strict rules for how organisations collect, store, and process personal data. This includes requirements for organisations to obtain explicit consent from individuals to collect their personal data, to clearly state the purpose for which the data is being collected, and to provide individuals with the right to access and delete their personal data.
Under GDPR, organisations that fail to comply with the regulations can face significant fines and other penalties.
Overall, GDPR has significantly strengthened the rights of individuals in the EU and has increased the accountability of organisations that collect and process personal data. It is important for all organisations operating within the EU to ensure that they are GDPR compliant in order to avoid penalties and to maintain the trust of their customers.
Under GDPR, individuals have the following rights with respect to their personal data:
These rights are designed to give individuals greater control over their personal data and to ensure that organisations are transparent about how they collect and use personal data.
Under GDPR, businesses must take several steps to be compliant, including obtaining explicit consent from individuals to collect their personal data, ensuring that personal data is processed in a secure manner, and reporting data breaches within 72 hours of becoming aware of them.
In addition to the mandatory items previously listed, businesses may also be required to keep certain registers to be GDPR compliant. These registers include: