The General Data Protection Regulation (GDPR) is the new legal framework from the European Union (EU) regarding data protection and is due to officially come into effect on 25th May 2018.
This new regulation is designed to standardise data protection across Europe and strengthen current regulations in line with the new and previously unseen ways personal data is now used by organisations. In short, the GDPR will give individuals greater control over how organisations collect, store and process their personal data, and will introduce stricter financial penalties for firms who fail to comply or who suffer a personal data breach.
The UK currently relies on the Data Protection Act, which was enacted in 1998, but the GDPR will supersede this. Although the UK has triggered Article 50, formally marking the start of the UK's withdrawal from the European Union (EU), businesses will still need to prepare, as the regulation applies to any business which handles EU citizens' data, regardless of where they are located globally.
Furthermore, the UK plans to enact its own Data Protection Bill which, according to a statement from Digital Minister Matt Hancock, will "bring the European Union's General Data Protection Regulation (GDPR) into UK law, helping Britain prepare for a successful Brexit", so it makes sense to start preparations now.
The GDPR will introduce a duty on all organisations to report certain types of data breach to the relevant supervisory authority and, in some cases, to affected individuals.
Understandably, your business will have many types of data living across various systems and platforms, so achieving GDPR compliance may seem like a daunting task. The best place to begin is simply by understanding what data you have, where it resides, who has access to it and how it is used. Our Audit will help you get started on your journey to compliance and ensure you take the right next steps.