The New General Data Protection Regulation

A new EU data protection framework, the General Data Protection Regulation (GDPR), was adopted on 8 April 2016.

From 25 May 2018, GDPR will affect the whole of the EU covering half a billion citizens. Its goal is to unify data protection across the EU. It has many similarities with the existing UK Data Protection Act 1998 (DPA).

Government has confirmed that the decision to leave the EU will not impact the GDPR taking effect next year. The GDPR will apply to companies within the EU, but also companies which are not based in the EU but continue to sell goods and services to EU residents.

Data Protection in a complex area, this piece is only intended as an introduction to the areas which you need to consider. If you currently must comply with the DPA, then it is very probable that the new GDPR will impact your business and the new guidelines will need to be adhered to.

GDPR uses the same terminology as the DPA, and refers to ‘controllers’ (person(s) in charge of data records) and data ‘processors’ (those who process data for the controller). It places greater responsibility and legal liability on both processors and controllers to ensure data guidelines are followed and that security of personal, or general data is not breached.

It is vital that those with responsibility for managing data understand the new requirements. Failure to comply could result in a hefty fine (up to 4% of annual global turnover or €20m (£18.4m).

The Information Commissioner’s Office (ICO) have a helpful overview.