Be prepared for the General Data Protection Regulation (GDPR)
Last Updated: Thursday 1 February

The government has confirmed that the UK will be implementing the GDPR as the UK will still be a member of the EU on 25 May 2018 when it comes into force.

GDPR will replace the Data Protection Act 1998 (DPA) and represents the biggest change to data protection law for 20 years. With some GDPR breaches carrying fines of up to 4% of global annual turnover or 20 million Euros, now is the time to start planning. Individuals have stronger rights to be informed about how organisations use their personal information.

For the first time in data protection law, the GDPR will introduce the requirement of “accountability”. In basic terms, accountability means that organisations will not only be required to comply with data protection requirements, but also that they must demonstrate that they comply.

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act, so if you are complying with the current law most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.

The Information Commissioner's Office (ICO) is the UK's independent authority set up to uphold information rights, and it is committed to helping organisations improve their practices and prepare for the GDPR.

Visit the Guide to GDPR on the ICO website.

The ICO has also published GDPR 12 steps to take towards compliance.
