The EU General Data Protection Regulation

Regulation (EU) 2016/679 of the European Parliament and of the Council became law in April 2016. It will be fully enforced as of May 2018 so businesses only have a short time to make sure they comply with the legislation.

Key Points

GDPR applies to any business processing data of EU citizens regardless of where the business or data is located.

The scope of data covered under the regulation is greater than that of preceeding legislation.

Both data controllers and data processors have new responsibilities.

Subjects need to be informed of data held about them in a clear and concise manner.

The processing of sensitive data requires increased governance and control.

All businesses handling EU subjects' data need to be able to demonstrate compliance with the legislation.

Large businesses need to keep records of all processing activities and should ideally appoint a Data Protection Officer

Fines of up to 4% of annual business turnover can be imposed for serious contravention of the legislation.

Disclosure of data security breaches are mandatory.

Other Sources of Information

Full text of EU GDPR

GDPR Guidance from the UK ICO

The Data Protection Hub

Data Protection


The General Data Protection Regulation is now only a few months away. The DP Hub provides a substantial body of information on data protection to help businesses and organisations comply.


Complete our GDPR Survey and find out whether your business complies with the new legislation.