General Data Protection Regulation

We may be leaving the European Union, but a new piece of European legislation due to come into force in May 2018 will continue to significantly affect the UK, both now and after we leave.  The General Data Protection Regulation, or GDPR, supplements the Data Protection Act and introduces additional requirements and responsibilities for UK businesses and organisations.  Financially crippling consequences exist for those that do not put the necessary policies, processes and procedures in place and mishandle people’s information.


What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a piece of European legislation that regulates the way people’s personal information is collected, stored, managed, used and disposed of.  The regulation was introduced on 27 April 2016 and is fully enforceable from 25 May 2018.


Why has the General Data Protection Regulation been introduced?

As a concept, the General Data Protection Regulation benefits the European population as individuals.  Its main aim is to ensure that an individual’s personal data is appropriately protected from loss and/or theft.


What’s the worst that can happen?

Tough penalties already exist under the Data Protection Act, but organisations in breach of the General Data Protection Regulation can expect even tougher administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater.  This could easily lead to business insolvency.


I’m fine.  This won’t happen to me.

Are you sure? Data breaches are now commonplace.  It is not a question of if, but rather when.  The scale and severity of breaches increase every day, whether as a result of poor information management systems or hacking, and the trend is only likely to continue. Verizon’s 2016 Data Breach Investigations Report reaffirms that “no locale, industry or organization is bulletproof when it comes to the compromise of data”, so it is essential that all organisations are aware of their new obligations so that they can prepare accordingly.


But I am only a small business, this won’t affect me.

Ask yourself this:

Do you collect email addresses?

Do you collect customer details?

Do you currently sell data?

Are you sure that you have done all that you can?

Have you got the right insurance?


What do I need to know?

It affects all businesses and organisations in the UK.

You need to act now to put the necessary policies in place; Cyber Security Strategies can help.  Find out how.

If your turnover is greater than x, you are vulnerable to ax

You need a Data Protection Officer – Read:

You will need to establish a GDPR management system – Read: How to establish a GDPR Management System.

You will need to ensure you are robustly protected against data loss – Read: How to Protect Yourself From Cyber Attacks.

You need to actively monitor for breaches – Read: How to Monitor For Potential Cyber Attacks.

If you have a breach you need to report it to x within x

If you have a breach you may be subject to a large fine

If you report the breach late, you may be subject to an additional fine

You can insure against breaches – find out how.


What about Brexit?  Why can’t I ignore/risk it until we leave?  I will be fine then, right?

Brexit continues to unfold and at the time of writing the future is still not clear.  The regulation seeks to protect the consumer and indWhile we are going through the and business that does business with a European Union Country

You may have heard the term.