GDPR

Data

There is little change here between the Data Protection Act 1998 (DPA) and the General Data Protection Regulations (GDPR).

‘Data’ is information which:-

a. is processed by means of equipment operating automatically in response to instruction given for the purpose.  (computerised)

b. is recorded with the intention that it should be processed by means of such equipment (a.) (manual paper to be computerised)

c. is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system. (filing cabinets, or similar where the information is stored in a structured or indexed way and therefore necessarily readily accessible.)

d. does not fall within a.-c. above but forms part of an accessible record. (generally a health, medical, educational or public record held by a local authority for housing or social services purposes).

e. is recorded information held by a public authority and does not call within any of the paragraphs a.-e.

Next let’s look at

Personal Data

Because if the data is not personal, then the legislation does not apply.