News

Thursday 22 February 2018
GDPR - General Data Protection Regulation

The General Data Protection Regulation (or GDPR) is a major change to data protection legislation and you need to make sure your organisation is prepared for this overhaul of data security and privacy law.

In this news item, we briefly explain what the GDPR is, what you need to do to comply, and what the penalties for non-compliance are.

The existing Data Protection Directive was introduced in 1995, before widespread use of the internet changed our data environment permanently. Designed to ensure that data legislation across the EU reflects the many new ways that data is used, the GDPR aims to enforce stronger data security amongst organisations that handle personal data and enhance privacy rights of individuals that entrust those organisations with that data. As a consequence, this gives people more say over how their data is handled.

The GDPR will apply to all EU member states from 25 May 2018, which is the final date for organisations to comply. The UK Government has indicated its commitment to the GDPR after Brexit and has already introduced the new Data Protection Bill, which will implement the GDPR in full.

The fines for inadequately protecting data are severe: the most serious infringements attract fines of up to €20 million or 4% of your annual global turnover, whichever is greater. Liability does not transfer to whoever caused the breach. If personal data is exposed because your organisation failed to take appropriate technical and organisational measures to protect it, your organisation, not the malicious attacker or third party involved, bears the fine and any resulting reputational damage.

The GDPR aims to ensure that personal data protection and privacy are no longer just an afterthought and are included in all of your systems and processes. Organisations need to show that they value an individual’s privacy, and reflect this in how they handle the data they collect, so the sooner you begin the process the more time you will have to ensure you comply.
