New data protection rules from General Data Protection Regulation (GDPR) will replace the Data Protection Act in the UK from 25 May 2018.
GDPR is designed to safeguard personal data of citizens from EU member states, with particular emphasis on transparency and accountability. It applies to all businesses in the EU and non-compliance will lead to substantial fines.
The new GDPR is a regulation which is intended to strengthen and unify data protection for all individuals within the European Union (EU). The regulation will become a law without exception in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The government has also confirmed that the UK will replace the 1988 Data Protection Act (DPA) with legislation that mirrors GDPR, post-Brexit. This means that any business, big or small, will be required to comply with GDPR – which deals with secure collection, storage and usage of clients’ personal data.
Failure to comply with the regulation can result in heavy fines of up to €20 million or 4% of the businesses’ annual turnover (whichever is higher amount).