Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

Many organisations are ill-prepared for the EU Regulation which comes into force on 25 May 2018.
Does this Regulation apply to all businesses?
The simple answer is yes. All businesses that hold personal data on a living person will be affected. Data held for personal or domestic use is excluded.
The Sun newspaper reported that it could affect, for instance, a gardener who sends out emails to drum up work without getting informed consent from the recipient. We shall see if this is enforced at this level.
This EU Regulation puts in place a number of requirements additional to those of the UK Data Protection Act 1998:
- Strengthening of existing rights, including the right to erasure of data or right to be forgotten
- Consent for use of data must be “opt in” not “opt out”
- Breach reporting
- Data Protection Impact Assessments
- Higher penalties for non-compliance.
This regulation applies to all EU States but there is a provision to allow individual States to produce their own Data Protection Act.
Our own Data Protection Act is to be updated and put before Parliament in September 2017.
There will be a move to get the EU to rule on the compliance of the UK Law in relation to the GDPR.
If you need additional information on this you can contact us or look at the ICO (Information Commissioner's Office) website.