GDPR Changes for May 2018
In April 2016, the EU Parliament approved the General Data Protection Regulation (GDPR) after four years of discussion, debate, consultation and drafting. This new legislation is a considerable advance in the protection of personal data and respect for privacy. It accounts for, and has been drafted in the context of, multi-national global corporations operating without borders across the internet.
In the UK, it will replace the Data Protection Act 1998 (DPA) and will take effect within two years, with a deadline now announced of 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR applies to ‘controllers’ and ‘processors’. It applies to processing carried out by organisations operating within the EU, and also to organisations outside the EU that offer goods or services to individuals in the EU.
Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier (e.g. an IP address) can be personal data. The GDPR also refers to sensitive personal data as “special categories of personal data”. These categories are broadly the same as those in the DPA, but there are some minor changes.
Most significantly, under GDPR, the Information Commissioner’s Office is given the ability to fine up to 20M EUR or 4% of global turnover for breaches (whichever is higher). This is a 30-fold increase on the current provision, and a significant escalation of risk to an organisation due to non-compliance with the legislation. It is crucial that the next stage of any IT security work which aims to address the protection of personal data is fully supported.
More information is available at https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/