The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It is new legislation, enforced by the European Commission, which aims to strengthen and unify data protection for individuals within the European Union (EU), whilst also addressing the use and dissemination of personal data outside the EU.
The two main objectives of GDPR are to:
1) give individuals back control of their personal data
2) simplify the regulatory environment for international business by unifying the regulation within the EU
The key changes of GDPR from the Data Protection Act 1998 fall under the following areas:
To understand the full details for each of these areas take a look at the EU GDPR website.
GDPR is intended for every business that collects and stores data, and it recognises that smaller businesses need to be treated differently from large or public companies. Article 30 of the regulation declares that organisations with fewer than 250 employees do not need to strictly follow GDPR. That said, when you read the stipulations, it is highly recommended that they do.
The penalties for non-compliance are high, and individuals are able to seek compensation from businesses that abuse their data. This applies to both large and small companies.
How will this change when we leave the EU?
Although the UK has voted to leave the EU, UK businesses will need to follow these regulations if the data they handle is about EU individuals. GDPR replaces the UK Data Protection Act 1998 (DPA), and will continue to do so once Brexit has been implemented.
Perfect Layout hopes that this article has helped you to understand some basics about GDPR and has signposted you to some useful resources. We highlight to all our clients the importance of GDPR, especially when it comes to collecting data via their websites. If you have any questions, give us a call on 01708 578 015.