The General Data Protection Regulation (GDPR) came into force across European Union member states on 25 May 2018.
The UK Government has confirmed that upon leaving the EU, the intention is to implement “UK GDPR” to sit alongside the UK Data Protection Act 2018.
At over 200 pages long the GDPR is one of the most wide-ranging pieces of EU legislation in recent years, and the changes it ushered in were significant.
The GDPR not only applies to processing carried out by organisations operating within the EU, it also applies to organisations outside the EU that offer goods and services to EU citizens, or monitor their behaviour.
However, the regulation does not apply to certain activities, including processing covered by the Law Enforcement Directive, processing for the purposes of national security and processing carried out by individuals solely for personal/household activities.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.