What is GDPR and why is it important?

What? The General Data Protection Regulation is the new data protection legislation that will replace the current Data Protection Act, becoming a new citizen’s charter for the protection of personal data. Non-compliance penalties range from up to €10M or 2% of global turnover to up to €200M and 4% of global turnover (whichever is the greater), depending on the offence, and Data Subjects have significant new rights to compensation from the Data Controller and the Data Processor.

Who? Applies to any global entity processing EU citizens’ personally identifiable information, to data controllers and data processors alike, with the burden of proof on them to evidence compliance.

When? Currently treated as best practice; becomes UK law on 25th May 2018, replacing the current Data Protection Act. Includes breach notification deadlines of 72 hours to the ICO and, in certain circumstances, to impacted customers.

Why? The current European data legislation did not anticipate the ways in which consumers now interact with each other and with brands, nor the way that those they interact with process their data for commercial benefit.

First line support? Information Commissioner’s Office: https://ico.org.uk/for-organisations/data-protection-reform/

Latest update? Positioning speech by Elizabeth Denham (Information Commissioner) to the Institute of Chartered Accountants in England and Wales on 18th January 2017:

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/01/information-commissioner-talks-gdpr-and-accountability-in-latest-speech/

Also a statement in Parliament on 10th February 2017 by Matthew Hancock MP, Minister of State, Department for Culture, Media and Sport (Digital Policy): “We shall be implementing the General Data Protection Regulation (GDPR) in full”.

Written by
John Greenwood

March 2017


PCI Participants logo PCI Level 1 certified logo