The EU’s General Data Protection Regulation (GDPR) is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used.
Currently, the UK relies on the Data Protection Act 1998, but this will be superseded by the new legislation. GDPR introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.
The GDPR will apply in all EU member states from 25 May 2018. Because GDPR is a regulation, not a directive, the UK does not need to draw up new legislation – instead, it will apply automatically. While it came into force on 24 May 2016, after all parts of the EU agreed to the final text, businesses and organisations have until 25 May 2018 until the law actually applies to them.
To help organisations comply with GDPR we have listed below a few resources to help you understand GDPR better and how you can make sure your organisation complies with GDPR.
- Guide to the General Data Protection Regulation (GDPR)
- What is GDPR? Everything you need to know
- Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now
- The journey to GDPR compliance
- GDPR assessment tool