The EU General Data Protection Regulation

08 June 2016 Download PDF

The EU data protection landscape, having remained largely unchanged since 1995, is now on the brink of a radical transformation. After extensive negotiations, the GDPR was formally adopted on 4 May 2016 and is set to replace most EU data protection legislation, including the DPA in the UK.

 

Unlike the current Directive, the GDPR will be directly applicable in all EU Member States without the need for national legislation. It will apply from 25 May 2018.

The GDPR brings new concepts into the regulatory spotlight, including profiling and the right to be forgotten. It imposes extensive new obligations on businesses and transforms the role of the Data Processor. Rights for individuals are significantly strengthened and fines in respect of breaches are increased exponentially from £500,000 under the DPA, up to €20,000,000 or 4% of annual worldwide turnover under the GDPR.

This Brochure aims to explain the main differences between the Directive/DPA and the GDPR. We have used weather themed icons for categorising the changes, so that at a glance, you can see how this may affect your business.

Please see our Glossary on page 21 for an explanation of the defined terms and abbreviations that we have used in this Brochure.

If you would like more information on the GDPR or the DPA, please contact Ian Stevens, Emma Burnett, John Armstrong or Loretta Pugh.

 

Show more Show less

Back to top

Agency Database

Future Dates

* Estimated date

  • 23 March 2018

    Deadline for responses to FCA's consultation CP18/4: the Money Market Funds Regulation.

  • 31 March 2018

    Date on which the European Banking Authority's revised XBRL methodology (remittance of data under the EBA implementing technical standards (ITS) on supervisory reporting) will be used in relation to reference dates.

  • 9 April 2018

    Deadline for responses to PRA's consultation CP1/18 regarding MREL.