The General Data Protection Regulation (GDPR) is the European Union’s (EU) new data protection law that comes into effect on 25 May 2018.
Implemented throughout the EU, it will govern all businesses operating within the union and embed a more consistent approach to data protection. Companies that trade with EU based businesses will also be impacted and will need to know what’s changing and how to comply.
So why is data protection legislation transforming?
Since 1995, the Data Protection Directive (Directive 95/46/EC) has determined how individuals’ personal data is protected within the EU. However, since its inception there have been vast developments in the sophistication and scale of data creation and gathering – for example through the emergence of social media, cloud computing and geolocation services. As the directive predates these developments, it’s no longer suitable to govern the current data landscape; it needs to be refreshed to address modern privacy concerns and facilitate consistency across the EU. This is what the GDPR will do.
The new regulation introduces a huge range of changes. In this article, we outline what those changes are, what this means for your business and how to get ready for the GDPR.
Alternatively, view our infographic [ 291 kb ] summarising the GDPR and the questions you can ask yourself as you start to prepare.
For more information, contact our Head of Technology Risk Services, Mario Joannou.