GDPR - EU General Data Protection Regulation

Understand the EU’s new legislation and how it will effect you.

When will the law be introduced?

The General Data Protection Regulation (GDPR) was translated into UK law on 25th May 2018, via the Data Protection Act 2018. The government has confirmed that Brexit will not affect the new legislation.

Who does GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same with a few enhancements in key areas such as the introduction of ‘The Right to be Forgotten’, Data Portability, Breach Notifications and Greater Accountability.

If you are a processor, the GDPR will place a greater liability on you if a breach occurs. Controllers have greater responsibility to ensure contract with processors are operated correctly.

The GDPR does not apply to certain activities including;

  • Processing covered by the Law Enforcement Directive.
  • Processing for National Security purposes.
  • Processing carried out by individuals purely for personal or household activities.

There are further obligations under The Electronic Commerce (EC Directive) Regulations 2002, these specifically deal with online selling and buying activities through eCommerce functionality.