General Data Protection Regulation (GDPR) 2017

Replacing the UK Data Protection Act 1998, the General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The government has clarified that the UK’s decision to leave the European Union will not impact the enforcement of GDPR. The regulations apply to both ‘controllers’ and ‘processors’, and is inclusive of organisations operating within the EU, as well as those outside of the EU that offer goods or services to individuals in the EU.

Who Does GDPR affect

The Regulation, which became effective on 25 May 2018, is huge in scope, unifying data protection laws across the EU. Apart from a handful of exceptions, no matter what size a company is, it may be subject to the Regulation’s requirements.

Compliance is not a choice

GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with its data processing principles, by adopting a risk based approach

Non compliance with your GDPR obligations

Not complying with GDPR can result in fines which can be hefty, up to €20m or 4% of the global turnover. In addition, there may be compensation claims for damages suffered

A live and pro-active approach

The new regulation requires organisations to adopt an active approach to the governance of the personal data they process and develop an ongoing programme of compliance and monitoring that is embedded within and across their activities

New rights under the GDPR

GDPR, albeit an extension of sorts of its predecessor Data Protection Act 1998, aims to strengthen the existing consumer rights by introducing new ones such as those relating to consent, right to be forgotten, right to data portability etc.

Impact on business

GDPR has taken years in the making. It requires privacy through and across organisations. The impact on business is considered wide and far-reaching. We can discuss how it affects your business and what help is available to ensure your business is compliant