From 25 May 2018 the General Data Protection Regulation (GDPR) will apply to all member states in the EU. The GDPR will affect any “data controller” in terms of the Data Protection Act 1998. Some of the key changes to think about include:

  • new reporting requirements for certain data breaches to the Information Commissioner's Office (ICO) within 72 hours and to the affected individuals without undue delay;
  • a clear legal basis for processing personal data;
  • clear consent in certain circumstances in order to process an individual's personal data: this is particularly relevant for marketing communications;
  • new and increased rights of individuals to access their personal data, have their data amended or deleted, restrict the processing of their personal data and object to the processing of their personal data; and
  • an increase in the level of fines for breaches (up to 4% of turnover).

Make sure your business or organisation has taken precautionary measures to comply with the GDPR in advance of 25 May 2018. For more information on how to comply with the provisions of the GDPR, please see the guidance issued by the ICO: