Data protection (GDPR)
In May 2018 Europe upgraded to the General Data Protection Regulation (GDPR), the biggest overhaul of data protection and privacy since 1995.
Why you need to know
If you do business in or with Europe, GDPR applies to you, even if you are not located within Europe. It will also apply to UK businesses trading within Europe regardless of Brexit. The rules apply to the data you collect and use within your business as well as the data you collect and use in your web sites and apps.
A healthy approach to data protection and privacy will protect your business as well as your users in these politically uncertain times.
What will it mean for you
GDPR is a refresh and modernisation of the 1995 privacy rules. It upgrades the requirements and safeguards for anyone collecting, processing, storing, and sharing personal data on persons within Europe. The amount of work you will have to do to come into healthy compliance will depend on how familiar you were with the existing data protection and privacy rules. These rules, both old and new, are about everyday business processes, not tick boxes or legal statements.
What about after Brexit?
The UK has enacted GDPR regardless of Brexit and intends to stay aligned to it in the short term future. The UK’s commitment to a healthy standard of privacy in the years after that, as well as a post-Brexit adequacy agreement which would allow data to continue to flow, remains uncertain. GDPR is one piece of a healthy data flow framework, and the UK is not a healthy country by any measure. Other issues, including other European policies on data protection, privacy, adequacy, and data flows, in addition to domestic issues such as mass surveillance, are only beginning to be recognised with a matter of months before the UK, and its digital sector, is taken out of the Digital Single Market. To read more about the status of data protection after Brexit, please visit my side blog.
- By me:
- My guide to compliance for designers and developers
- My guide to compliance for small businesses and startups (Business Gateway)
- Me and Dan Barker’s guide to compliance for e-commerce businesses
- How GDPR will change the way you develop (Smashing Magazine)
- Intro to the Privacy by Design framework (Smashing Magazine)
- Afterbrexit.tech side blog where I monitor EU tech policy through the Brexit process
- All blog posts on data protection
- WordPress.org core-privacy team:
I am a component maintainer on this team – get in touch during office hours.
- Official EU links:
- National data protection authorities: