General Data Protection Regulation GDPR

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is coming into effect in a few months and you should now review your existing business practices so that you have adequate time to implement the necessary changes to ensure that you are compliant. Non-compliance can lead to fines, but in reality it is your reputation that will suffer the most. Once you know what needs to be done, you’ll need to (i) update your standard terms and privacy policy for new clients you engage with, and (ii) amend any existing client contracts so that they are compliant with the new rules.
Very broad overview
  • The GDPR comes into effect on 25 May 2018. As an EU regulation it takes effect directly in EU states, meaning you need to comply with it. It does allow EU states to make it clear how it applies in a country, and this is what the new Data Protection Bill 2017 (DPB) seeks to achieve. Both need to be read side by side for a full understanding of what you need to do to ensure compliance.
  • The GDPR applies to “data controllers” and “data processors”. The difference lies between who controls the data overall, and who possesses it at any given time.
  • Under the previous rules, processors were not governed too heavily. This has changed with the GDPR, and processors now have a number of additional obligations.
  • The rules apply specifically to “personal data”, which is information relating to an identifiable person who can be directly or indirectly identified by reference to a specific identifier. This is a very general definition which includes names, reference numbers, location data, browser data, etc.: essentially, anything that can be used to collect information about a user.
  • The overall principle of the GDPR is to promote transparency of how personal data is processed and to ensure “data protection by design” and “by default” in your business model and software architecture.
  • The DPB adds additional provisions about immigration, law enforcement information sharing, national security and the operation of the ICO (the information commissioner’s office, which governs and enforces data protection rules in the UK).

If you would like some tailored advice relevant to your business, then please contact us on 020 8579 1345.
