GDPR (General Data Protection Regulations) are new EU regulations which will make the current Data Protection regulations much stronger. GDPR comes into force in May 2018 and, if breached, could result in a fine of up to 4% of global turnover.
Respect for privacy, security of data and awareness of breaches will be key. Organisations have a duty to report a breach within 72 hours. If that breach is potentially of high privacy risk, then affected individuals should also be advised of the data breach. This is a significant change to the current Data Protection regime in the UK.
The definition of personal data has been extended and includes anything that could be used to identify an individual. This includes, for example, genetic data and even IP addresses. The GDPR will be more robust in its protection of data than anything we have previously seen and businesses will be more accountable.
More detailed information can be found on the Information Commissioners Office website
Will GDPR still apply post Brexit?
The regulations will still affect UK organisations despite Brexit. The UK government and the Information Commissioners Office (ICO) have indicated that, even if they don’t continue with GDPR after Brexit, they will be looking for something equally as robust. Similarly, if you are processing the information of EU nationals or trading across the EU, then you will need to abide by its regulations.
Will my organisation be affected?
Every organisation processing personal data must carry out safeguards against loss, theft and unauthorised access. This applies to all organisations from Corporates and SMEs, to charities, healthcare providers and councils.