Companies that collect data on people in European Union (EU) countries need to comply with strict new rules around protecting their customer information by May 25. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but compliance will be challenging as this is very different to previous data protection legislation.

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

More information can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...

I am already being asked by email to update my preferences. Pentillie Castle have asked " dont let us tidy you away by mistake" , and am being asked to still subscribe.

Data that needs protection includes: 

• Basic identity information such as name, address and ID numbers
• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation

It is essential to take time to ensure that your business is GDPR compliant. Attached is a 12 step guide, and more information is available from the Information Commisioner's Office.