The EU General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and replaced elements of the Data Protection Act 1998. This regulation has created new legal obligations which has a significant impact upon the way in which organisations handle personal data. Whilst Premex Group companies will communicate regularly with suppliers and customers, we recommend that all companies utilise the ‘What’s New’ section of the ICO’s GDPR web site for regular updates.

How is my organisation affected?

The UK government has confirmed that the UK’s decision to leave the EU will not affect the introduction of the GDPR. So all companies operating in the UK which process personal data are required to comply with the regulation. Unlike the Data Protection Act, the controls under the GDPR have an impact on both ‘controllers’ and ‘processors’ of personal data.

The GDPR has introduced new rights for individuals such as the ‘Right to be Forgotten’ and the ‘Right to Data Portability’. These rights should have been integrated into the operational controls administered by data processors and controllers. The regulation has also introduce mandatory breach reporting to the ICO and the Data Subject. Fines for breaches of the GDPR will also be considerable in monetary value.