The need for the General Data Protection Regulation (GDPR)
During the second half of the 20th century, businesses, organisations and the government began using computers to store information about their customers, clients and staff in databases. For example:
- names
- addresses
- contact information
- employment history
- medical conditions
- convictions
- credit history
Databases are easily accessed, searched and edited. It鈥檚 also far easier to cross reference information stored in two or more databases than if the records were paper-based. The computers on which databases resided were often networked. This allowed for organisation-wide access to databases and offered an easy way to share information with other organisations.
Misuse and unauthorised access to information
With more and more organisations using computers to store and process personal information there was a danger the information could be misused or get into the wrong hands. A number of concerns arose:
- Who could access this information?
- How accurate was the information?
- Could it be easily copied?
- Was it possible to store information about a person without the individual鈥檚 knowledge or permission?
- Was a record kept of any changes made to information?