Data protection reform is coming - are you ready?

The General Data Protection Regulation (GDPR) takes effect from May 2018 and signals a new era for data protection.

The high-profile Regulation will apply in all EU Member States without the need for further national legislation.

The GDPR is far-reaching. Even after Brexit, it will apply to any organisations in the UK (or elsewhere in the world) dealing with data that relates to EU residents.

Organisations that monitor, store or analyse personal data will face more onerous obligations than ever before, so it is essential to act now in order to comply by 2018. Failure to do so could attract significant fines.

MRS has a comprehensive suite of materials to help your organisation understand and comply with the GDPR, and you can keep up to date with the latest developments on Twitter @fairdata.

The GDPR - key facts

After four years of negotiation, the European Parliament adopted the GDPR in May 2016. This is an historic achievement which modernises data protection rules across the EU to better meet the demands of the digital world. It strengthens individuals' rights and places greater obligations on all those processing data relating to EU residents, including researchers of all types and sizes.

The Regulation will apply directly without having to be implemented by statute. It will be enforced by the Information Commissioner's Office and other EU national data protection authorities from May 2018.

All organisations that handle personal data will be affected by the GDPR to some extent. For many businesses, major changes will need to be implemented, so it's essential that your organisation takes steps towards compliance now. Failure to do so could attract significant fines of up to 4% of worldwide turnover or EUR 20 million (whichever is higher).

Adopting a Risk-Based Approach to GDPR Compliance

In 2017 data protection readiness must take centre stage for all organisations using personal data. The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, meaning there is now less than 18 months to ensure GDPR compliance.

Privacy is a fundamental right for EU citizens and is increasingly important in the digital age. GDPR requires that organisations fully consider the risks that processing poses to the fundamental rights and freedoms of individuals. In this brief blog we'll highlight some of the key points to help you appreciate what this means for your organisation in fulfilling GDPR obligations.


Is GDPR still relevant after Brexit?

The GDPR will be far-reaching and apply to any organisations in the UK or elsewhere in the world dealing with personal data that relates to EU residents.

The UK's data protection authority, the Information Commissioner's Office, has stressed that data protection reforms in the UK will continue to be influenced by EU regulations, both leading up to and after the UK's exit from the EU.

The precise nature of a post-Brexit UK-EU relationship will, of course, be a critical influence on how closely the UK follows the letter and spirit of the GDPR. Keep up to date with developments on the MRS Fair Data Twitter feed, @fairdata.

