The GDPR, or General Data Protection Regulation, was first conceived in January of 2012 when the European Commission set out plans for a reform of data protection laws across the EU in order to prepare Europe ‘for the digital age’. Almost four years afterwards, the Commission reached an agreement on what the reform should include and how it will be enforced within the Union.
The GDPR forms a key component of the reform and applies to organisations in all EU member states, as well as organisations outside of the EU which offer goods or services to customers or businesses within the EU, with implications for businesses and individuals across Europe. The UK government has already confirmed that the UK will be included within the GDPR, bringing us into compliance with the rest of Europe.
Fundamentally, the GDPR is a new set of laws that gives citizens control over their data. A great deal of our lives revolves around the use of our personal data; almost every service we use collects, analyses and, most importantly, stores our personal data. A breach or compromise of personal data can be catastrophic for any person or business; therefore, it is important that data is sufficiently protected, including giving people control over what is done with their data. The GDPR obliges organisations that collect and manage data to protect it from misuse and exploitation, with penalties of up to €20,000,000 for organisations that abuse the rights of data subjects.
A significant feature of the GDPR is the introduction of Subject Access Requests. Individuals will now have the ability to submit an SAR, which then allows them to access data held on them by an organisation and, if they so wish, have it changed or deleted. Ignoring an SAR constitutes a breach of the GDPR and incurs an associated penalty.
The 25th of May 2018 marks the starting date for the GDPR and all EU member states are expected to have transferred it into their national law by the 6th of May 2018. The UK has implemented this through the publishing of the Data Protection Bill, which closely follows the Data Protection Act of 1998, but incorporates the GDPR and addresses non-EU matters beyond the scope of the GDPR.
We will be working with all our customers to update their policies and contracts to ensure these are GDPR compliant in January 2018.