General Data Protection Act Update

As of May 25th 2018, new legislation will come into force which overwrites the Data Protection Act. The new legislation is the General Data Protection Regulation (GDPR).

Despite the result of the 2016 referendum, this new legislation is still required to be implemented in the UK. The Information Commissioner’s Office (ICO) has released a preparation guide which supports organisations in preparing for the GDPR.

About GDPR

The initial good news is that the ICO will abolish the annual registration fee. The GDPR follows on from the Data Protection Act (DPA), maintaining many of the main concepts and principles. The ICO states: ‘If you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR.’

The GDPR introduces eye-watering tiered fines for Data Controllers found to be falling short of the required standards set out in the GDPR. These new fines aim to punish and not just deter.

Tier 1 shortfalls lead to fines of up to 2% of annual turnover or 10 million euros, whichever is the greater

Tier 2 shortfalls lead to fines of up to 4% of annual turnover or 20 million euros, whichever is the greater

Individuals' Rights under GDPR

Individuals have the following rights:

  • To be informed

  • Access

  • Rectification

  • Erasure

  • Restrict Processing

  • Data Portability

  • Object

  • Automated Decision Making and Profiling

Differences between DPA and GDPR