Published: 3 November 2016

Reading time: less than a minute

The General Data Protection Regulation (GDPR) is a new law coming into force on 25th May 2018, but what is it? And why is the legislation changing?

  • The new law is designed to strengthen data protection for people in the European Union.
  • This legislation will replace the current UK Data Protection Act which has been in place since 1998.
  • This Act, which is nearly 20 years old, is out of touch with modern day life and technologies- now we have mobile devices, data centres, encryption and cloud-based products.
  • In 1998 the Act focused on paper records and electronic data held on in-house servers. The internet was not available to everyone, so the concepts and risks of worldwide information sharing, tracking and theft, barely existed.
  • One aim of the GDPR, by providing a single law for data protection, is to improve confidence in businesses holding personal data.
  • It will also reduce costs for those that have had to comply with varying legislation across countries.
  • In short, the new legislation will apply to any business, wherever it is based, that processes the data of EU citizens- so it’s time to take note.