Data Protection in a Nutshell – A Quick Reference Guide

Introduction

The Data Protection Law applies to a wide range of entities, including small businesses, volunteer organizations, strata plans, churches, clubs and associations, charities, public authorities, etc. They may come in all different sizes, and may process different types of personal information which carry different levels of risks for the privacy of the individuals whose information they hold.

This guidance is intended for entities that do not deal with sensitive types of personal information which would permit more than a superficial insight into the individuals’ characteristics, such as:

  • behaviour (e.g. through profiling),
  • finances,
  • race or ethnicity,
  • political opinions,
  • religious or similar beliefs,
  • trade union membership,
  • genetic data,
  • physical or mental health and conditions,
  • medical data,
  • sex life,
  • proceedings for any offence, or commission or alleged commission thereof.

If your business or organization does not hold personal information that gives more than a superficial insight into the above matters, this guidance applies to you.

If your business or organization does hold personal information that gives meaningful insight into the above matters, you should consult our in-depth Guide for Data Controllers.

This document is intended as a quick reference tool. It provides a walkthrough of data protection law and can serve as a refresher to the in-depth guidance available on our website. There is also an easy to use checklist with which you can assess your organization against the requirements put forward by the Data Protection Law (the DPL).

Last update: 11 February 2019

Previous Next