GDPR - General Data Protection Regulation
The General Data Protection Regulation (GDPR) comes into effect in the UK on 25 May 2018. The GDPR and the forthcoming Data Protection Act (DPA) 2018, which has yet to be finalised, will replace the current Data Protection Act.
What is the GDPR?
The GDPR was designed to harmonise data privacy laws across Europe. The aim is to protect citizens from privacy and data breaches.
The current DPA dates from the 1990s, when organisations held much less data on individuals. As the amount of data held has increased and technology has advanced, so has the risk of cyber crime and data breaches. The GDPR aims to address gaps in current legislation by providing a framework with greater scope and tougher punishments for those who fail to comply.
The key principles of the current DPA remain unchanged, but some areas of legislation have been strengthened.
Like the DPA, the GDPR applies to ‘controllers’ and ‘processors’ of data: a controller determines how and why personal data is processed, and a processor acts on the controller’s behalf. Practices are data controllers