GDPR FAQs

Find out more about our key GDPR topics and course with our in-depth FAQs.

GDPR Online Training Course

This essentials of GDPR course is aimed at those involved in the handling of people’s information as part of their day-to-day role, providing a GDPR overview. By taking this course, learners will understand the key principles and process under the regulation and what their roles and responsibilities include.

The essentials of GDPR

General GDPR FAQs

What is the GDPR 2018?

The General Data Protection Regulation 2018 is the EU regulation introduced in 2018 to cover data protection and privacy for all of the countries and individuals within the European Union.

Does GDPR apply to Britain and UK citizens?

Currently, Britain remains in the EU, so GDPR certainly applies. UK data protection law post-Brexit is likely to be very aligned with that of the EU, so compliance regulations are unlikely to change much, if at all.

How did GDPR come about?

GDPR was introduced to bring data protection laws in the European Union up to date with the current digital landscape, with its predecessor, the Data Protection Directive, dating back to 1995. The directive also allowed more customisation by EU member states, whereas a regulation makes data protection compliance more unified.

Is GDPR retroactive?

In theory, it isn’t, but best practice according to the ICO would be to have re-confirmed all consents for holding personal data that were gained before GDPR.

What does GDPR compliance mean?

GDPR compliance means managing your usage of personal data in accordance with the regulations contained within GDPR.

What is a GDPR compliance checklist?

The ICO has created GDPR compliance checklists to help companies ascertain for themselves whether they are compliant with GDPR.

GDPR Legislation FAQs

Does Brexit affect GDPR?

The extent and nature of Brexit remains unclear, but UK data protection law will remain in place and the government will apply GDPR principles when leaving the EU, so very little is likely to change in terms of compliance. For companies dealing with data from EU citizens, GDPR will still apply.

Does GDPR cover deceased?

No, information about somebody who is deceased is not covered by GDPR because it is not classed as personal data.

How long should personal data be kept under GDPR?

There are no specific limitations for how long data should be kept under GDPR, but the guidance is that it should be kept no longer than is necessary.

Is GDPR replacing DPA?

GDPR didn’t replace the Data Protection Act, which was renewed in 2018 and covers areas not already covered by GDPR, including national security and immigration matters.

What is GDPR ICO?

ICO is the Information Commissioner’s Office, an independent authority that upholds information rights to protect data privacy for individuals. GDPR is the General Data Protection Regulation, written under EU law to standardise data protection and privacy.

What is meant by the right to be forgotten under the GDPR?

Also known as the right to erasure, it is the right under GDPR for an individual to request that a company deletes all personal information the company has about them.

GDPR in the workplace FAQs

Do I need to comply with GDPR?

Any business that holds personal data about a resident of the European Union needs to comply with GDPR, whether the processing of that data takes place in the EU or not. Any business that offers free or paid goods or services to EU residents needs to comply.

Do I need to register with ICO under GDPR?

Data controllers (businesses that determine the purpose for which personal data is processed) need to register with ICO and pay a data protection fee, unless they are exempt (which applies to members of the House of Lords, elected representatives and prospective representatives).

How do I know if I am GDPR compliant?

The best way to check that you are GDPR compliant is to complete a Data Protection Impact Assessment from the ICO and, if needed, contact ICO for more information and advice afterwards.

How long do you have to respond to a GDPR request?

Once a GDPR data request has been made, organisations have to respond no later than one calendar month from the receipt of the request. For more complex requests or multiple requests, the limit is three calendar months.

What is the main aim of the GDPR?

The main purpose of GDPR is to standardise and update the data protection laws across the European Union, which were previously dated and inconsistent.

What is the maximum fine for not complying with the GDPR?

The maximum fine for a data breach under GDPR is 4% of annual turnover or €20m if that is a greater amount.

Personal GDPR FAQs

Can I ask for my data to be deleted under GDPR?

Although it is not an absolute right and only applies in certain circumstances, individuals can make a request to have their personal data erased under GDPR, and businesses need to respond within a month.

Are all rights under GDPR absolute rights?

Some of the rights under GDPR are absolute, like the right to stop a company using your data for direct marketing, but others, like the right to be forgotten, are not absolute and only apply in certain circumstances.

Is a name personal data under GDPR?

Any information that can distinguish someone from other people is an identifier and therefore a name is certainly personal data.

Is an email address personal data under GDPR?

An email address is an identifier that could be used to identify somebody, so it counts as personal data under GDPR.

What is PII under GDPR?

PII stands for Personally Identifiable Information and includes names, email addresses and any other kind of information a company might hold about you that could be used to identify you.

Who is responsible for GDPR compliance?

Within companies, the responsibility for GDPR compliance lies with anyone whose role involves the use of personal data, all the way up to the highest level. A Data Protection Officer must be appointed under GDPR.

Compliance - Advice and resources for businesses

Virtual College offers a full range of bespoke and off-the-shelf compliance training programs. We also offer a comprehensive Learning Management Software solution as well as an integrated cloud-based Auditing tool.

To help your business meet all mandatory training requirements and criteria, we have produced a range of free resources for you and your employees.

Technical GDPR FAQs

What data/information is protected by GDPR?

GDPR protects personal information, which can include names, email addresses, location data, identification numbers, online identifiers and anything that can be used to identify a person.

Does GDPR apply to private individuals?

Private individuals who have jobs that involve collecting sensitive personal data about clients from the EU will still need to comply with the regulations whether they are freelancers or solo practitioners like therapists or counsellors.

Will Brexit mean the GDPR doesn't apply?

Whenever the UK does leave the EU, in theory, GDPR will not apply, but in practice, all companies still holding data of EU citizens will have to comply. In addition, the UK data protection law is already very much in line with GDPR and will remain aligned after Brexit.

What qualifies as personal data under GDPR?

Under GDPR, personal data is anything that could be used to identify a person, including names, IP addresses, email addresses, telephone numbers, etc.

GDPR definitions FAQs

What are the 7 principles of GDPR?

The 7 principles of GDPR are lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

What are the GDPR changes?

There are many changes that have come in as part of GDPR, but the key aspects include new penalties of up to 4% of annual turnover (or €20m if that is greater); an increased focus on consent; expanded rights of access for individuals; and the right to be forgotten.

What countries are subject to GDPR?

All countries within the EU are subject to GDPR, but it also affects any business that holds personal information about people who live in the EU.

What is considered PII under GDPR?

Personally Identifiable Information under GDPR means any information that could be used to identify a person when contained within data, so it could include names, email addresses, online identifiers, etc.

What rights do citizens have under GDPR?

Citizens have the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and also rights related to automated decision-making, including profiling.
