The GDPR (General Data Protection Regulation), which superseded the UK DPA (Data Protection Act) 1998 on 25 May 2018, marks a significant increase in responsibility for all organisations that process personal data.
The Regulation substantially extends the data rights of individuals, and, among other things, requires data controllers and processors to implement appropriate and proportionate technical and organisational measures to protect personal data.
The GDPR defines personal data as any information relating to an identified or identifiable natural person (known as a data subject).
The Regulation is backed by a regime of considerably higher penalties than the DPA 1998 – administrative fines of up to €20 million (approximately £17.5 million) or 4% of annual global turnover (whichever is greater).
It also grants data subjects the right to lodge a complaint with the supervisory authority – the Information Commissioner’s Office in the UK – if they consider that the processing of their personal data infringes the Regulation, and the right to an effective judicial remedy against data controllers and processors if they consider their rights to have been infringed by processing that does not comply with the Regulation.
On top of this, the ICO has the power to “impose a temporary or definitive limitation including a ban on processing”, effectively shutting offending organisations down altogether.
Personal data must be:
You must be able to demonstrate compliance with the GDPR by:
There is a requirement to build effective data protection practices and safeguards from the very beginning of all processing:
You must identify and document a lawful basis for processing personal data:
There are strict rules for obtaining consent:
Organisations must be clear and transparent about how personal data is going to be processed, by whom and why.
The transfer of personal data outside the EU is only allowed:
Appointing a DPO is mandatory for:
A DPO has set tasks:
We offer a range of services that are designed to provide you with the GDPR support you need. Drawing on our extensive experience, we are well-placed to help you quickly, cost-effectively, and without the risk of conflicts of interest. Find out more about our GDPR solutions here:
If you would like more information about our services and what we can do to help you, please get in touch with our team of experts who will be able to assist with your enquiry and provide guidance options.