Understanding GDPR: Basics, Personal Data, and Business Implications (Full Transcript)

Speaker 1: Hmm GDPR huh? Well in this video I'd like us to take just a few minutes tackling the basics so we will look generally at what it is and of course what it stands for which is General Data Protection Regulation. Hmm so sure I understand English so I can deduce that GDPR is regulation around data protection but more specifically GDPR protects the personal data of EU residents. Now this is a good definition to remember but we do need to make sure that we're clear on what we mean by personal data and an EU resident. So let's start with the EU bit and you may well know that the European Union is currently made up of 28 different countries over here in Europe and I know that 28 countries sounds like a lot but actually not every European country is in the EU. So for example Switzerland is in Europe of course right bang in the middle here but it's not a member state of the EU but anyway you can look up the detail for yourself if required so our point is GDPR protects the personal data of these good folks living here in the EU. But now let's drill down into what we mean by personal data and as a definition we can say that personal data is any information that could be used to identify someone you know a particular living individual that is and that might be a single piece of data such as some sort of personal identification number like the equivalent of a social security number or a national insurance number or something or it might be a combination of multiple pieces of information such as name and address which together will identify a specific person. Now you can see some examples of what might constitute personal data here we've got some obvious ones such as name and address and date of birth and email address and ID number but also online identifiers such as IP addresses or or cookie identifiers or even RFID tags and also some other personal information which as you can see is going to be rather more sensitive in nature. But note that this is not an exhaustive list these are just examples and remember that these bits of information could be used alone or in combination to identify someone. So we now broadly understand that GDPR protects the personal data of EU residents but I know you've still got questions why do we need GDPR and what are those regulations and how does it affect the business that I work for? Well in a nutshell depending on what study you read apparently less than 20% of us feel that we have control over the data that we have provided online and that's not a nice feeling. So GDPR is about building up trust and transparency by providing this set of rules for how companies and other entities can process the personal data of EU residents. So we did already have some rules in the past but GDPR refreshed this with new regulations which were approved back in 2016 but came into force in May 2018. Now we will look in more detail about what those regulations actually require you to do in other videos but suffice it to say if you break the rules there are penalties So let's just finish up with a quick recap on what we've learned. So let's imagine you're a company based in the US so that's where your business operations take place. So you might be thinking, phew, we don't need to worry about GDPR but no it doesn't matter if you're not physically based in the EU. The GDPR rules will apply if you're offering goods or services to people in the EU or even if you're just capturing some of those online identifiers such as IP addresses and cookie information and whatnot. So then you say to me, ah no we don't actually capture names and addresses only for example postal codes and dates of birth. Well you know the answer to this if that's enough to uniquely identify a particular individual in the EU then sorry you can't escape it GDPR will apply. So although we have got more to learn about GDPR for now we can see that it's certainly a good thing for building trust and transparency with your EU customers.