The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 and will affect many businesses in the UK. The UK’s decision to leave the EU will not have any immediate effect on the application of the GDPR.
The legislation imposes significant record-keeping requirements for any organisation that processes or controls personal data and the penalties for breaches are significant. The definition of personal data is wider than under the current legislation and the GDPR requires organisations to show how they comply with it.
In addition, specific information will need to be given to those whose data is held. See the ICO website for further details.
The Information Commissioner’s Office is publishing a series of updates which provide guidance for organisations that will have to comply with the GDPR.
The most recent update (January 2017) contains guidance on:
- Data portability
- Lead supervisory authorities
- Data protection officers
Firms that breach the GDPR may pay a heavy penalty. Contact us for guidance on complying with its complex requirements.