You may have started to see a marked increase in blog posts, articles and general chatter about GDPR in recent months. Although the details have been known about for ages, it comes into force in May, and in the best ‘Millennium Bug’ tradition, many businesses are only now starting to worry about it.
What is the GDPR anyway?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
The GDPR will supersede the current UK laws on data protection, which are enforced by the Information Commissioner’s Office (ICO). It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.
But we’re leaving the European Union, I hear you cry! Blue passports, independence from Brussels, rule Britannia! Well, sorry, but that doesn’t matter, because EU laws and regulations will be incorporated into UK law. Equally important to our non-European clients: even if data controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents. There is little doubt these regulations are with us for the long term, EU member or not.