This is a question which I frequently hear and often extending it to its full name of the General Data Protection Regulation doesn’t prove any more enlightening to the person asking the question.
GDPR is the regulation agreed by the European Community as the standard that should be in place across the EU when handling a persons information. It’s the replacement for the European directive that became the Data Protection Act.
Simply put, GDPR is the updated Data Protection Act.
The GDPR applies to all organisations who collect and use the personal information of anyone in the EU, regardless of size, sector, profit, number of employees or location. Very few organisations are therefore exempt.
The key thing about GDPR which has got people talking is the huge increase in potential fines. Under GDPR an organisation could be fined up to about £17m or 4% of global turnover whichever is greater. This can be extremely scary if you are a small business person. The Information Commissioners Office has said that it is not their intention to apply the largest possible fines and that they will continue to consider the circumstances of each organisation at the time of enforcement action.
That’s the brief outline of GDPR. More updates will follow over the coming weeks but if you have any questions or need to find out more about how you should be complying with the requirements, please contact us.