What is the GDPR 


The General Data Protection Regulation (GDPR)


What is it?


This come into force on 25 May 2018. So now, businesses need to look carefully at their data processing and security to ensure compliance.

GDPR aims to make the digital marketplace safer for consumers across Europe - and makes it easier for them to exercise their rights (e.g. the right to be forgotten). In many areas, it enhances and extends the obligations that exist already in DPA, but there are some important new features, too.

Chief among these is the new reporting requirement. Essentially all organisations will be required to report cyber security incidents involving loss or compromise of personal data to the regulatory authority (i.e. the ICO in the UK).

Who does it apply to?


Anyone who is collecting, storing and processing the personal data of EU residents i.e. data controllers and data processors.


What does it mean for your business?


  • Data portability, accountability and consent. GDPR enhances the rights of individuals to access their data, to have it transferred and to have it erased. Meanwhile, a newly bolstered principle of accountability requires you to demonstrate that data has been processed in an appropriate manner. It may mean updating your internal procedures to ensure that all of this is possible.
  • Safeguards: are they “state of the art” and “appropriate?”. Compliance isn’t a one-off event. In areas such as threat monitoring, upgrading your security programme and staff training, you are obliged to be proactive with risk management.
  • Visibility. A cyber security compromise won’t automatically lead to a fine - but the circumstances surrounding that breach might. Whether or not your infrastructure undergoes regular security testing and the extent to which you can quickly identify, report and rectify breaches will all determine the outcome of any investigation.


For the most serious breaches, fines of up to the equivalent of 4% of the organisation’s worldwide annual turnover.


Useful Links


Overview of the General Data Protection Regulation (GDPR)


GDPR: 12 steps to take now