General Data Protection Regulation

What is General Data Protection Regulation?

The General Data Protection Regulation is a regulation set up by the European Parliament to strengthen the protection of the personal data of individuals living in the European Union when it is stored. Personal data is anything, in any format, that can directly or indirectly identify a person.

What changes will the new Regulations make to our current Regulations?

On 25 May 2018 new regulations will be implemented, following changes made by the European Union. This will greatly affect how any business that has access to data is obliged to protect it. The new regulations apply if the data processor, controller or data subject is based in the EU. If they are not based in the EU but process information about EU residents, the new regulations will also apply. The new regulations will cover the previous categories of personal data and will also include biometric data and genetic data. This means that the new regulations include things such as IP addresses and a person’s DNA.

The new regulations will give people more options with regard to what a company does with their data. Individuals will also have the right to have their data deleted if the purpose for which it is intended has been fulfilled. The previous data protection regulations were made when the internet and cloud technology were not widely available or used. It is hoped the new regulations will make digital data safer.

What will happen if there is a data protection breach?

If a company fails to comply with these new rules because of a lack of adequate IT security, leading to a data protection breach, there will be harsh penalties, for example a fine of up to 4% of the company’s worldwide turnover. Although the new penalties can be much higher, they must still be proportionate to the breach. If there is a breach in a company, that company must inform the data protection authority within 72 hours of becoming aware of the breach. In the UK the data protection authority is the Information Commissioner’s Office.

Will Brexit have an impact on General Data Protection Regulations in the UK?

Although the Government has chosen to trigger Article 50, the new General Data Protection Regulations will take effect before the UK has left the EU. This means that the UK will still need to comply with these regulations.

If you require more information about the new General Data Protection Regulations, contact Howells’ employment team today on 0114 249 6666.