Data protection (GDPR)

In May 2018 Europe upgraded to the General Data Protection Regulation (GDPR), the biggest overhaul of data protection and privacy since 1995.

Why you need to know

If you do business in or with Europe, GDPR applies to you, even if you are not located within Europe. It will also apply to UK businesses trading within Europe regardless of Brexit. The rules apply to the data you collect and use within your business as well as the data you collect and use in your web sites and apps.

A healthy approach to data protection and privacy will protect your business as well as your users in these politically uncertain times.

What will it mean for you

GDPR is a refresh and modernisation of the 1995 privacy rules. It upgrades the requirements and safeguards for anyone collecting, processing, storing, and sharing personal data on persons within Europe. The amount of work you will have to do to come into healthy compliance will depend on how familiar you were with the existing data protection and privacy rules. These rules, both old and new, are about everyday business processes, not tick boxes or legal statements.

What about after Brexit?

The UK has enacted GDPR regardless of Brexit and intends to stay aligned to it in the short term future. The UK’s commitment to a healthy standard of privacy in the years after that, as well as a post-Brexit adequacy agreement which would allow data to continue to flow, remains uncertain. GDPR is one piece of a healthy data flow framework, and the UK is not a healthy country by any measure. To read more about the status of data protection after Brexit, please visit my side blog.

Resources