The General Data Protection Regulation (GDPR) is a proposed set of rules which aim to implement a stricter and more uniform data privacy regime right across the European Union. The EU institutions agreed on the scope and detail of the GDPR towards the end of 2015 and it is due to come into force on 25 May 2018. It will replace the 1995 Data Protection Directive — implemented in the UK by the Data Protection Act (DPA) — and will supersede the privacy laws of every EU state with immediate effect.
What are the Key Points of GDPR?
Whereas current data protection regulations only apply to data controllers, the GDPR will extend obligations to data processors, including requirements to:
• Carry out regular data protection impact assessments;
• Implement appropriate security standards and maintain adequate documentation; and
• Appoint a data protection officer (for public authorities or controllers and processors who process large scale and/or sensitive personal data).
Click here to access the full whitepaper.