GDPR

GDPR came into force on 25 May 2018, and while many of the principles in the new legislation are similar to those in the current Data Protection Act, failure to comply means organisations will face heavy fines.

The aim of the GDPR is to protect all EU citizens from privacy and data breaches, in an increasingly data-driven world that is vastly different from 1995, when the EU previous directive was established.

The GDPR extends the data rights of individuals and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures and be able to demonstrate compliance.

• The regulation came into force on 25 May 2018
• GDPR applies to all businesses processing and holding the personal information of data subjects residing in the European Union, regardless of the business’ location
• Organisations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million
• It is the most important change in data privacy regulation in 20 years
• GDPR is wider reaching and will take some time and attention – so better to start early if you want to ensure compliance

We have put together the following list of definitions and acronyms which we know come up a lot within the information provided:

• GDPR - General Data Protection Regulation
• DPA - Data Protection Act 1998 (UK)
• EU - European Union
• ICO - Information Commissioner’s Office (UK supervisory authority)

The Information Commissioner has published a 12-step guide to encourage businesses to prepare, click here, which highlights the key steps to take now.