What is the General Data Protection Regulation (GDPR)?
The GDPR, or the General Data Protection Regulation, is a new set of regulations put forward by the European Commission. This replaces the previous Data Protection Directive from 1995.
What is the purpose of the General Data Protection Regulation?
The European Commission wants to give back control of personal data to consumers and also unify data protection regulations across the EU. These new regulations have been enforced since May 2018.
The GDPR is enforced by the Information Commissioner's Office (ICO), which since May 2018 can take action against any company or governmental body that fails to adhere. Businesses could face considerably higher fines than under the previous directive, of up to €23 million or 4% of their global annual turnover, if they don't meet the GDPR after the deadline.
Who does the General Data Protection Regulation apply to?
- Controllers and Processors of data as defined by the GDPR (similar to the DPA definitions).
- Organisations operating in the EU as well as those outside the EU that offer their products/services to individuals in the EU.
- The GDPR does not apply to certain activities, such as processing covered by the Law Enforcement Directive, processing involving national security, and personal/household activities.