The EU General Data Protection Regulation (GDPR)
The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998. Significant and wide-reaching in scope, the new law brings a 21st-century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed and places a range of new obligations on organisations to be more accountable for data protection.
Deadline for compliance: 25 May 2018
Compliance is not a choice and time is short
GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with the data protection principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.
With the appropriate compliance framework in place, not only will you be able to avoid significant fines and reputational damage, you will also be able to show customers that you are trustworthy and responsible, and derive added value from the data you hold.
The business benefits of the GDPR
- Build customer trust
- Improve brand image and reputation
- Improve data governance
- Improve information security
- Improve competitive advantage
The key elements of the GDPR
The GDPR applies to personal data. This is any information that can directly or indirectly identify a natural person and can be in any format.
The Regulation places much stronger controls on the processing of special categories of personal data. The inclusion of genetic and biometric data is new.
The GDPR applies to all EU organisations – whether commercial business, charity or public authority – that collect, store or process the personal data of individuals residing in the EU, even if they’re not EU citizens.
Organisations based outside the EU that offer goods or services to EU residents, monitor their behaviour or process their personal data will be subject to the GDPR.
Service providers (data processors) that process data on behalf of an organisation come under the remit of the GDPR and will have specific compliance obligations. An example might be a company that processes your payroll or a cloud provider that offers data storage.
Speak to an advisor
Please contact our GDPR team for advice and guidance on our products and services.