The EU General Data Protection Regulation (GDPR)

From 25 May 2018, the EU General Data Protection Regulation (GDPR) will affect every organisation that processes EU residents’ personally identifiable information (PII). This page provides a breakdown of the key provisions introduced by the new law, which every organisation must be aware of.

About the GDPR
First proposed in January 2012 by the European Commission and formally approved by the European Parliament in April 2016, the GDPR will supersede national laws, unifying data protection and easing the flow of personal data across the 28 EU member states.

When the GDPR comes into force on 25 May 2018, all organisations that process the personally identifiable information of EU residents will be required to abide by some provisions – detailed below – or face significant penalties.

Penalties
The Regulation mandates considerably tougher penalties than the DPA: breached organisations can expect fines of up to 4% of global annual turnover (NB turnover, not profit) or €20 million – whichever is greater.

Fines of this scale could very easily lead to business insolvency and, in some cases, closure. Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organisation is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.


The key changes introduced by the Regulation
The GDPR introduces a number of key changes for organisations.


EU GDPR data flow audit
Organisations should have a clear idea of the personal data being held, where it originated from, and who it can be shared with. A data audit is a key part of a data protection compliance regime.

EU GDPR pocket guide
The perfect introduction to the principles of data privacy and the European Union General Data Protection Regulation, this guide is the ideal resource for anyone wanting a clear, concise primer on data protection.

EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide
This comprehensive manual will provide detailed insights into the EU GDPR and offer practical implementation advice on setting up and managing a privacy programme.