The UK GDPR applies to all information that is processed automatically – everything held electronically is covered. Any data stored in a structured filing system is also covered, and the structure doesn’t have to be very sophisticated. As long as it allows for personal data to be retrieved easily, all of that data is in scope as well. But what about paper documents, piles of business cards and post-it notes? Are they covered?

It depends! Yay, confetti falls down from the ceiling.

For some organisations, the answer is a flat no, but for others, it’s more complicated, On this short, entertaining course, I’ll explain all the details – what is a filing system, how do you work out whether you’re looking at one, and what is the ‘temp test’? It’s weirdly different for the public and private sectors, and there’s a bit of complexity to iron out, but I cover it all.