Is your business ready for GDPR?

The General Data Protection Regulation (GDPR) was passed by the European Union on 14th April 2016 and replaces the Data Protection Directive 95/46/EC. Organisations were given a two-year lead-in period to become compliant.

Enforcement begins on 25th May 2018, and from that date any organisation that does business with EU citizens must comply with the GDPR’s expanded and more stringent data protection rules. Fines for breaking the law are up to 4% of global revenues or €20 million, whichever is greater, which is enough to put many firms out of business altogether.

The personal data held by a company that is covered by this regulation includes any information that can be used to directly or indirectly identify a person. This could be anything from their name, their photograph, their email address, bank details, posts on social networking websites, medical information, or even a computer IP address.

The implications of GDPR are far-reaching for many organisations: public authorities, and organisations that engage in large-scale processing of sensitive personal data or large-scale systematic monitoring, are required to appoint a Data Protection Officer (DPO).

Data security is another key component of GDPR, and under the new regulation, aggrieved data subjects can sue firms for failing to secure their personal data properly, something every company will now have to consider seriously when planning their IT infrastructure and security.

For more information about the General Data Protection Regulation (GDPR) with respect to your IT infrastructure and security, please contact Rod at RML on 01223 873747.