'Controllers need to let the data subjects know they are processing their data and what they are doing with it'
Q: We have various sensors that collect information about people using a building that I manage. Are these people affected by the General Data Protection Regulation (GDPR), and how can I make sure the way we use the data collected is legal and protects privacy?
A: The starting point of any discussion on information about people is whether what is being collected is ‘personal data’. Personal data is defined for these purposes in the GDPR (bit.ly/dataprotectreg), which was adopted in 2016 by the EU and became law across the union on 25 May 2018. In reality little changed on adoption, because the definition was already embedded in law across the EU as a result of earlier legislation, such as the Data Protection Act 1998 in the UK.
To view the full article, please click here.
This article first appeared in RICS Property Journal January/February 2019