What is the General Data Protection Regulation?

Below, we have put together answers to a number of common questions regarding the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, is European legislation designed to harmonise data protection law across the EU. As a regulation rather than a directive, it applies directly in every member state without needing separate national implementing legislation. In the UK it replaces the Data Protection Act 1998 (DPA).

When does it come into force?

The GDPR applies from 25 May 2018 in all EU member states. (Strictly, the regulation entered into force in May 2016; organisations were given a two-year transition period before it became enforceable.)

But what about Brexit? Surely this means it won’t apply to us?

The GDPR takes effect before the UK leaves the European Union, and the UK government has already confirmed that it will apply in the UK.

What is personal data?

The definition in Article 4(1) of the GDPR is:

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Note the breadth of ‘online identifier’: Recital 30 gives IP addresses, cookie identifiers and RFID tags as examples, so web server logs, analytics records and device identifiers can all be personal data even when no name is attached to them.

What are my individual rights?

The GDPR strengthens some of the rights individuals already have under the DPA and introduces new ones. The rights for individuals under the GDPR are:

1) The right to be informed (Articles 13 and 14)

2) The right of access (Article 15)

3) The right to rectification (Article 16)

4) The right to erasure, also known as the ‘right to be forgotten’ (Article 17)

5) The right to restrict processing (Article 18)

6) The right to data portability (Article 20)

7) The right to object (Article 21)

8) Rights in relation to automated decision-making and profiling (Article 22)

Who is the regulator for the GDPR?

In the UK, the supervisory authority for the GDPR is the Information Commissioner’s Office (ICO) – https://ico.org.uk

What are the consequences if a business breaches the GDPR?

Administrative fines are tiered according to which provisions are infringed (Article 83). Infringements of the core data protection principles, of data subjects’ rights or of the rules on international transfers can attract fines of up to €20 million or up to 4% of total worldwide annual turnover for the preceding financial year, whichever is higher; most other infringements (for example of the security, record-keeping or breach-notification obligations) fall under a lower tier of up to €10 million or 2%. Currently, the maximum fine under the DPA is £500,000.

Fines are not the only penalties the ICO can impose. It can also issue warnings and reprimands, order an organisation to bring its processing into compliance, and impose temporary or definitive bans on processing (Article 58(2)).

Note that ‘breaches the GDPR’ here means any infringement of the regulation, not only a security incident. A personal data breach in the narrower sense (Article 4(12)) carries its own obligations: it must normally be notified to the ICO within 72 hours of the organisation becoming aware of it (Article 33), and communicated to the affected individuals where it is likely to result in a high risk to them (Article 34).

Are P & I GDPR compliant?

We have been working hard over the last year to ensure that on 25 May 2018 we are fully compliant with the GDPR. For more information about how P & I comply with the GDPR and how we process your data, please visit: P & I and the GDPR.

For more information and guidance regarding the GDPR, visit the ICO’s website.