A new EU data protection framework, the General Data Protection Regulation (GDPR), was adopted
on 8 April 2016.
From 25 May 2018, GDPR will affect the whole of the EU, covering half a billion citizens. Its goal is to
unify data protection across the EU. It has many similarities with the existing UK Data Protection Act.
Government has confirmed that the decision to leave the EU will not impact the GDPR taking effect
next year. The GDPR will apply to companies within the EU, and also to companies which are not based
in the EU but continue to sell goods and services to EU residents.
Data protection is a complex area, and this piece is only intended as an introduction to the areas which
you need to consider. If you currently must comply with the DPA, then it is very probable that the
new GDPR will impact your business and the new guidelines will need to be adhered to.
GDPR uses the same terminology as the DPA, and refers to ‘controllers’ (person(s) in charge of data
records) and data ‘processors’ (those who process data for the controller). It places greater
responsibility and legal liability on both processors and controllers to ensure data guidelines are
followed and that the security of personal or general data is not breached.
It is vital that those with responsibility for managing data understand the new requirements. Failure
to comply could result in a hefty fine (up to 4% of annual global turnover or €20m (£18.4m)).
The Information Commissioner’s Office (ICO) has a helpful overview. If you require further guidance,
please speak with us.