The General Data Protection Regulation
Posted: 20th March 2017
The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 and will affect many businesses in the UK. The UK's decision to leave the European Union will not have any immediate effect on the application of the GDPR.
The legislation imposes significant record-keeping requirements for any organisation that processes or controls personal data and the penalties for breaches are significant.
The definition of personal data is wider than under the current legislation and the GDPR requires organisations to show how they comply with it.
In addition, specific information will need to be given to those who whose data is held. See the ICO website for further details.
The Information Commissioner's Office is publishing a series of updates which provide guidance for organisations that will have to comply with the GDPR.