From 25 May 2018, a new European General Data Protection Regulation (the “GDPR”) will apply and change the rules applicable to businesses that process “personal data” such as customer and employee data. Organisations will need to consider implementing new procedures in order to comply.
Levels of concern in business appear to be rising as the date for the rollout of the new EU data protection regulations, known as GDPR, was announced (May 25, 2018, by the way). Social media were alight with comment and speculation, and many people were questioning whether a potential Brexit could impact the uptake of the regulations in the UK. The bottom line is that we have our own Data Protection Act, which will remain, and it is not possible to rule out the adoption of best practice guidelines, regardless of any potential Brexit outcome.
The data and cyber regulatory regime in the EU – which includes, for the time being at least, the UK – is undergoing a very significant shake-up. The new General Data Protection Regulation, which will come into force on 25 May 2018, will bring a number of new measures into play, such as much increased fines (up to the higher of 4% of annual worldwide turnover or 20 million euros, in some cases) and mandatory reporting of most data security breaches.