New data protection rules from General Data Protection Regulation – GDPR, will replace the Data Protection Act in the UK from 25 May 2018.
The General Data Protection Regulations are designed to safeguard personal data of citizens from EU member states. Particular emphasis is on transparency and accountability. It applies to all businesses in the EU and non-compliance will lead to substantial fines.
The new GDPR is a regulation which is intended to strengthen and unify data protection for all individuals within the European Union (EU). The regulation will become a law without exception in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of theGeneral Data Protection Regulation.
The government has also confirmed that the UK will replace the 1988 Data Protection Act (DPA) with legislation that mirrors GDPR, post-Brexit. This means that any business, big or small, will be required to comply with General Data Protection Regulation – which deals with secure collection, storage and usage of clients’ personal data.
Failure to comply with the regulation can result in heavy fines of up to €20 million or 4% of the businesses’ annual turnover (whichever is higher amount).
The Information Commissioners office has produced a Guide to GDPR which explains the provisions of the General Data Protection Regulation to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection.
This is a living document and we are working to expand it in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party. The Working Party includes representatives of the data protection authorities from each EU member state, and the ICO is the UK’s representative.
Alongside the Guide to the GDPR, the ICO have produced a number of tools to help organisations to prepare for the GDPR:
To read the guide please click the link below.