What is the General Data Protection Regulation (GDPR)?
After more than four years of discussion and negotiation, GDPR was adopted by both the European Parliament and the European Council in April 2016. The underpinning regulation and directive were published at the end of that month.
With an enforcement date of May 25, 2018, the GDPR is designed to unify data privacy requirements across the European Union (EU). If you market to or process the information of EU Data Subjects – which include end users, clients and employees.
GDPR will bring outdated personal data laws across the EU up to speed with an increasingly digital era. The previous data protection laws were put in place during the 1990s and haven't been able to keep pace with the levels of technological change.
When GDPR starts to be enforced by data protection authorities, it will alter how businesses and public sector organisations can handle the information of their customers. GDPR also boosts the rights of individuals and gives them more control over their information.
Each member state in the EU operates under the current 1995 data protection regulation and has its own national laws. In the UK, the current Data Protection Act 1998 sets out how your personal information can be used by companies, government and other organisations.
GDPR changes how personal data can be used. Its provisions in the UK will be covered by a new Data Protection Bill, which has now been published by the government.
Individuals, organisations, and companies that are either 'controllers' or 'processors' of personal data will be covered by the GDPR. "If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR," the ICO says on its website (https://ico.org.uk).
Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address... you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.
In the full text of GDPR there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation. These include allowing people to have easier access to the data companies hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about.
WHEN DOES THE NEW REGULATION START?
May 25, 2018
WHO WILL ENFORCE IT IN THE UK?
The Information Commissioner's Office
There are new rights for people to access the information companies hold about them, obligations for better data management for businesses, and a new regime of fines.
DOES BREXIT MATTER?
The UK is implementing a new Data Protection Bill which largely includes all the provisions of the GDPR. There are some small changes, but our own law will be largely the same.