GDPR IS COMING BUT WHAT IS IT?
The General Data Protection Regulation (“GDPR”) is the new legal framework that will replace the Data Protection Act in the UK from 25 May 2018.
EU Regulations have direct effect in all EU Member States, meaning the GDPR will take precedence over any national laws. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
Unlike the EU Directive 95/46 personal data protection rules, the GDPR also affects any companies outside of the EU that offer goods or services to individuals in the EU or that monitor their behaviour within the EU. For example, website hosting companies in the US that host sites accessible by individuals in the EU are directly affected.
The GDPR has massive implications for every department of many businesses worldwide. Some might need to employ or assign a Data Protection Officer, for example. Nearly all will need to put in place additional practices and safeguards.
Failure to comply with the new regulations may result in heavy fines of up to €20 million or 4% of the business’s annual turnover (whichever is the higher amount).
For more information visit the Information Commissioner’s Office website: ICO guide to GDPR