The General Data Protection Regulation (GDPR) came into force on 25 May 2018, aiming to harmonise data protection rules across all EU member states.
The UK Government has confirmed that the decision to leave the EU will not affect implementation of the GDPR, and that some provisions of the existing UK Data Protection Act will need to be repealed before the application of GDPR to ensure there are no duplications or contradictions.
At over 200 pages long the GDPR is one of the most wide-ranging pieces of EU legislation in recent years, and the changes it brings are substantial.
Organisations, big and small, are required to fulfil many new obligations.
Significantly, the GDPR applies not only to processing carried out by organisations operating within the EU but also to organisations outside the EU that offer goods and services to EU citizens.
However, the regulation does not apply to certain activities, including processing covered by the Law Enforcement Directive, processing for the purposes of national security and processing carried out by individuals solely for personal/household activities.
The Data Protection Network has a number of resources to help you prepare for the Regulation:
Guidance on GDPR
In the UK the Information Commissioner’s Office says it is committed to helping organisations prepare for GDPR – Guidance: What to expect and when
At a European level guidance on GDPR is being published by the Article 29 Working Party
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.