General Data Protection Regulation

The General Data Protection Regulation (GDPR) is deemed to be the biggest shake-up in data protection to date and will have an impact on all UK businesses.

It will raise the bar for security, privacy rights and compliance when it comes to keeping your clients' information safe and secure.

The GDPR is designed to "harmonise" data privacy laws across Europe, including the UK Data Protection Act (1998), while also providing individuals with greater protection and rights in the digital domain.

From a business perspective, it means more accountability of what you do with other people's data, especially in terms of how you use it, interact with it and store it.

It will also give clients new rights, with individuals receiving more control over all their personal data as well as extra security and controls to protect data.

When does it take effect?

The GDPR comes into force on 25 May 2018 and will apply to all organisations in the EU, including the UK and regardless of the Brexit vote.

Penalties

Sanctions of £20 million or 4% of your annual turnover, whichever is higher, are in place for non-compliance.

These potential punishments are at the discretion of the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights in the public interest.

However, the ICO states that fines under the GDPR will be necessary, proportionate, and only ever applied as a last resort.

This is something for businesses to be aware of, we do not offer advice on GDPR.