Welcome to the first instalment in our mini-series of blog posts on the General Data Protection Regulation.
The General Data Protection Regulation (GDPR) will come into force on 25 May 2018 and will replace the current UK legislation, the Data Protection Act 1998 (DPA).
The GDPR will take over the governance of data privacy and security, imposing significant obligations and potential penalties on businesses and public bodies that generate and process personal data.
There is only one year left to ensure GDPR compliance!
The GDPR will take effect from Friday 25 May 2018, on which date the DPA will fall away.
The GDPR’s application to the UK will not be affected by Brexit.
In 1985, the legislative powers-that-be acknowledged the ever-increasing need for regulation around data security and privacy. Ten years of discussions culminated in the implementation of the Data Protection Directive 1995, a piece of EU legislation which found its way into English law via the DPA in 1998.
The data-driven world we live in is vastly different to the way it was in 1985, and the way it was when the DPA took effect almost two decades ago. Over the past 30 years we’ve seen the rise of e-commerce, the global use of emails as one of the key forms of communication and the introduction of social media in a way that has revolutionised data sharing opportunities. We continue to march towards the interconnected, ‘always on’ reality of the Internet of Things (IoT), whereby everyday items like fridges, lightbulbs and fashion accessories connect to the internet and each other.
The GDPR will bridge the gap between 1985 and 2018 and will reflect the significant technological advances that have taken place, affording greater protection to individuals and placing greater obligations on businesses.
Find out more...
To help businesses prepare for the introduction of the GDPR, we will publish a mini-series of blogs over the coming months. Topics will include:
- The meaning of “personal data” and “processing” under the GDPR;
- What constitutes “consent”;
- Remedies, liabilities and fines – a warning to businesses;
- The right to be forgotten;
- Responding to a subject access request – increased rights of individuals;
- Should your business appoint a Data Protection Officer?;
- ICO – a one-stop-shop;
- Brexit and the GDPR; and
- GDPR – how to ensure compliance.
This article was written with the assistance of Anouj Patel.