One Year to go Until GDPR!

25 May 2017 03:17 PM

Today, 25 May 2017, marks one year to go until the General Data Protection Regulation applies in UK law, along with all other EU Member States.

GDPR, almost five years in the making, represents a significant reform in European data protection laws. The new regulation stipulates how organisations of every size and sector should handle and process personal data, with a greater emphasis on individuals’ rights and controls over how their information is used.

While much contained in the new regulation is similar to existing requirements, new obligations will come into effect such as a new expanded definition of personal data, joint liability for data controllers and processers, a new extra-territorial reach, changes to data breach notifications, mandatory appointment of data protection officers in certain situations and the introduction of significant fines for non-compliance.

You can check out some of the key changes introduced by the GDPR in this techUK blog.

This new regulation, replacing the 1998 Data Protection Act, in the UK, will have implications for every business in all sectors. Despite the fact that the UK will be leaving the EU the previous Government committed to introducing GDPR. In any case, the regulation will apply in UK law before it leaves the EU.

Additionally the Conservative Party’s 2017 General Election Manifesto has committed to a new Data Protection Law and the Labour Party have committed to maintaining strong data protection rules too, with a specific reference to cross-border data flows. Whatever the outcome of the General Election, data protection will be a priority for the next Government.

techUK is marking the ‘one year to go’ moment with the event ‘Will GDPR Change the World?’ This session, including a keynote from Rob Luke, Deputy Information Commissioner, will look at data protection now and into the future and questioning whether GDPR will stand the test of time.

Commenting on the 365-day countdown to GDPR Jeremy Lilley, techUK’s Programme Manager for Cloud, Data, Analytics, AI & Intellectual Property said “With exactly one year to go until GDPR applies in the UK, organisations of every size and sector need to consider how they will prepare to comply with the new rules.

“More awareness raising is required to ensure that organisations are aware of the obligations the new rules bring to ensure that businesses do not accidently find themselves on the wrong side of the law next year. In addition, more implementation guidance on GDPR is required so businesses know how to turn a lengthy regulation into updated business practices.

“With data increasingly on the public’s agenda, the GDPR offers an opportunity to continue building a culture of data confidence in the UK by providing citizens with greater control over their information. This should be balanced by ensuring the UK’s data-driven economy and society are able to continue to thrive.

However, while an important step, implementing GDPR will not be sufficient to solve all concerns surrounding the UK’s future data protection landscape. In particular the next Government must ensure Brexit negotiations result in a robust and secure legal mechanism which facilitates the frictionless free flow of data across borders.”