Regulation (EU) 2016/679 of the European Parliament and of the Council became law in April 2016. It will be fully enforced as of May 2018 so businesses only have a short time to make sure they comply with the legislation.
GDPR applies to any business processing data of EU citizens regardless of where the business or data is located.
The scope of data covered under the regulation is greater than that of preceding legislation.
Both data controllers and data processors have new responsibilities.
Subjects need to be informed of data held about them in a clear and concise manner.
The processing of sensitive data requires increased governance and control.
All businesses handling EU subjects' data need to be able to demonstrate compliance with the legislation.
Large businesses need to keep records of all processing activities and should ideally appoint a Data Protection Officer.
Fines of up to 4% of annual business turnover can be imposed for serious contravention of the legislation.
Disclosure of data security breaches is mandatory.
The WannaCry ransomware outbreak in May showed how devastating these kinds of attacks can be to services we depend upon. Read our ransomware guide to learn more about this increasingly significant problem for businesses and organisations.
Complete our GDPR Survey and find out whether your business complies with the new legislation.