The UK might be in the thick of negotiating Brexit but there is one piece of European legislation that is going to affect anyone doing business within the EU whatever the outcome of those talks is.
It will give citizens greater control over their own personal data and will introduce tougher penalties for non-compliance and data breaches. And it comes into force before any Brexit deal is likely to be struck so, in the short term at least, it will affect every business that holds any kind of personal data.
With a year to go, it is important to make sure you are well prepared for the changes that the GDPR will bring. Over the next few weeks, we will share a series of blogs, whitepapers and ebooks which will take a closer look at what the implications are, answer the big questions and advise you on how best to prepare.
Let’s start with the basics.
What is the GDPR?
To give its official title, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
While the GDPR actually came into force on 24 May 2016, after the final text was agreed, businesses and organisations in EU member states have until 25 May 2018 to fully comply. As the GDPR is a regulation and not a directive, it will supersede the Data Protection Act 1998 in the UK.
Why is the GDPR important?
The GDPR comes at a time when UK businesses are already being urged by government to take cyber security and data protection much more seriously, and the penalties for non-compliance with the GDPR will be severe. Organisations can be fined up to 4% of annual global turnover or a maximum of €20 million for the most serious infringements. No organisation wants to incur such fines, so it is important to check if you are affected by the new rules and to make sure you are well prepared.
The rules around data protection in Europe have not been updated for over 20 years, during which time how we use and access data has changed in ways we could never have predicted, so the GDPR is going to have a major impact on how organisations operate.
Take a look at our infographic GDPR – A quick guide to compliance for an overview of how the new rules could affect you.
NB: If you are looking for specific legal advice about the GDPR, please contact a lawyer.