What is GDPR?

The General Data Protection Regulation comes into force on the 25th May 2018. Here, Support Services Director David Leitch explains what GDPR is.

GDPR was adopted by the European Parliament in April 2016.

In the UK, the current Data Protection Act 1998 sets out how your personal information can be used by companies, government, and organisations.

GDPR changes how personal data can be used. Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. Companies covered by the GDPR will be more accountable for their handling of people's personal information. This means organisations need to implement vigorous data protection policies and possess relevant documents on how data is processed.

As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals more power to access the information that's held about them.

One of the most talked about elements of the GDPR is the power for regulators to fine businesses that don't comply with it.

GDPR states that offences with serious consequences can attract fines of up to €20 million or four percent of a firm's global turnover (whichever is greater).

GDPR will have a varying impact on businesses and organisations. To help prepare for the start of GDPR, certain steps must be implemented, such as making senior business leaders aware of the regulation, determining which information is held, updating procedures around subject access requests, and deciding what should happen in the event of a data breach.
