The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, Council of the European Union and the European Commission intend to both strengthen and unify the data protection laws for all individuals within the European Union (EU). It is something that will affect all businesses in the UK, and comes into force by May next year, yet a recent survey reveals that over 25% of businesses are yet to begin preparing for the new legislation.
GDPR will give people more control over their personal information, when it is passed into law in 2018, it changes the entire concept of personal data, expanding its definition to include peoples IP addresses and online identifiers, as well as ensuring that companies gain explicit consent to use their data.
What does this mean for you? It makes it a lot easier for citizens to find out what data companies hold on them, and provides them with details about how and where their data is handled and what it is used for.
The new legislation also holds tough fines for businesses and organisations who are in breach of the law, with those in breach facing penalties of up to 4% of their annual turnover, or 20 million euros, whichever is the greater figure.
Recent research has revealed that many companies are still unaware or have a serious lack of understanding, with only 7% of SME’s reporting that they fully understand the rules and an alarming figure of 14% not knowing what GDPR is at all.