The EU General Data Protection Regulation (GDPR)

From 25 May 2018, the EU General Data Protection Regulation (GDPR) will affect every organisation that processes EU residents’ personally identifiable information (PII). This page provides a breakdown of the key provisions introduced by the new law, which every organisation must be aware of.

About the GDPR
First proposed in January 2012 by the European Commission and formally approved by the European Parliament in April 2016, the GDPR will supersede national laws, unifying data protection and easing the flow of personal data across the 28 EU member states.

When the GDPR comes into force on 25 May 2018, all organisations that process the personally identifiable information of EU residents will be required to abide by its provisions – detailed below – or face significant penalties.

Penalties
The Regulation mandates considerably tougher penalties than the DPA: breached organisations can expect fines of up to 4% of global annual turnover (NB turnover, not profit) or €20 million – whichever is greater.

Fines of this scale could very easily lead to business insolvency and, in some cases, closure. Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organisation is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.


The key changes introduced by the Regulation
The GDPR introduces a number of key changes for organisations, which are set out under the headings below.