- [Narrator] GDPR stands for General Data Protection Regulation. It's a law concerning the handling, storage, use, and processing of personal data, and represents the biggest change in data protection laws for our generation. 

Protection of personal data is considered to be a human right. GDPR increases the rights of individuals whose data is being processed. It extends the protections under existing laws. For example, broadening the definition of personal data to include new technology. 

Every organization handling personal data needs to be fully compliant with the regulation. Compliance with the regulation is mandatory, and applies to our group and global activities. We need to demonstrate compliance with evidence. 

GDPR principles require to be embedded in our policies, procedures, and ways of working. Transparency is key. Failure to comply with the regulation can result in fines of up to 20 million euro, or 4 percent of global turnover, whichever is higher, to say nothing of the cost reputational damage will incur. 

Personal data has a broad meaning. It covers anything that an individual can be identified from. This can be an individual's name, their email address, the IP address of the device they are accessing the internet from. Online behaviors, such as how individuals interact with websites, and their browsing patterns or preferences. 

Individuals will have rights such as having access to records, restricting processing, objecting to processing, to be forgotten, and the meaning of consent has changed to a freely given indication of a person's wishes, given by a clear affirmative action. If a person requires information or action regarding their data, organizations must respond without undue delay at no later than one month from receipt. 

Everyone in your organization has a responsibility to adhere to the regulation, including managing data security breaches securely. A data security breach is the accidental or unlawful destruction, loss, unauthorized disclosure of, or access to personal data. You need to be able to recognize a security breach and report this via your organization's reporting structure. Proper use of personal data is everyone in your organization's responsibility. We need you to play your part in making this happen. © 2022 Mind Tools by Emerald Works Limited.