GDPR will be enforced across the European Union and beyond from 25 May 2018. We've included lots of useful information and guidance about how you and your business can prepare for GDPR below.
The requirements under the GDPR are broadly similar to the Data Protection Act 1998 (DPA) but they give additional weight to the rights of the subjects of any data collection, most obviously, in terms of penalties.
If you are already operating good risk management, including being transparent about your data collection and storage and ensuring that your clients have given active consent to any processing operations not covered by one of the other grounds for lawful processing, then GDPR is not likely to be very onerous. But it is worth checking the Lockton website, which has useful guidance on GDPR and what it means for you. You should also check the ICO website and our website for updates, because the precise requirements are likely to evolve over the coming months.
There's also the European Commission’s Article 29 Working Party webpage and you can find the official text of the General Data Protection Regulation at eur-lex.europa.eu.
We're publishing a series of blogs from experts, including members of our Privacy Law Committee, about the key issues and considerations you should take into account.