The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (DPA) – ie the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.
Like the DPA, the GDPR applies to ‘personal data’ and is more detailed making it clear that information such as an online identifier – eg an IP address – can be personal data. For most organisations, keeping HR records, customer lists, or contact details etc, the change to the definition should make little practical difference and it can be assumed that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.
ReACT users subject to DPA will almost certainly, due to the type of personal data they use on a regular basis, be subject to GDPR and the ReACT Team will be carefully watching developments over the next few months to ensure that both the system and its users are compliant with the new regulations and will keep everyone well informed. It remains to be seen if GDPR will still apply after the UK leaves the EU.
More information about GDPR here
The ReACT Support Team strives to ensure that users can be confident that the system complies with all relevant data protection legislation. For more information about the ReACT suite of products please contact Nicola Tomlinson on 0121 384 2513 (option 4) or email to firstname.lastname@example.org