The EU General Data Protection Regulation

Regulation (EU) 2016/679 of the European Parliament and of the Council became law in April 2016. It will be fully enforced as of May 2018 so businesses only have a short time to make sure they comply with the legislation.

Key Points

GDPR applies to any business processing data of EU citizens regardless of where the business or data is located.

The scope of data covered under the regulation is greater than that of preceeding legislation.

Both data controllers and data processors have new responsibilities.

Subjects need to be informed of data held about them in a clear and concise manner.

The processing of sensitive data requires increased governance and control.

All businesses handling EU subjects' data need to be able to demonstrate compliance with the legislation.

Large businesses need to keep records of all processing activities and should ideally appoint a Data Protection Officer

Fines of up to 4% of annual business turnover can be imposed for serious contravention of the legislation.

Disclosure of data security breaches are mandatory.

Other Sources of Information

Full text of EU GDPR

GDPR Guidance from the UK ICO

Read our guide to Personal Data

Cyber Security Awareness

Cyber Security

Make sure your staff are aware of common threats and know how to prevent attacks occurring. Take a look at our cyber security training and learning resources.


The WannaCry ransomware outbreak in May showed how devastating these kinds of attacks can be to services we depend upon. Read our ransomware guide to learn more about this increasingly significant problem for businesses and organisations

Personal Data

Complete our GDPR Survey and find out whether your business complies with the new legislation.