The General Data Protection Regulation or GDPR came into force on the 25 May 2018.

It replaces the Data Protection Act of 1998, and in many ways strengthens the rights of individuals in respect of their personal data, and how it is stored and used.

It will affect all sectors of the population, including business and charities.

The new regime is an evolution in data protection, not a revolution. However, the GDPR like any form of regulation may have an impact on an organisations resources in preparing for any changes.

It demands more of organisations in terms of accountability for their use of personal data and enhances the existing rights of individuals.

The GDPR is building on foundations already in place for the last 20 years.

Most commentators argue that if an organisation is already complying with the terms of the Data Protection Act, and has an effective data governance programme in place, then it is well prepared for the GDPR when it eventually becomes law.

Read our Guidance Note on the Regulation which can be found here.

Read our latest update here.

It is also worth reading the Information Commissioners Office (or ICO) publication about preparing for the GDPR in 12 simple steps. This can be viewed here.