The General Data Protection Regulation (GDPR) applies to all EU Member States, including the UK, from 25 May 2018.
The GDPR strengthens existing data protection rules through a number of measures, including:
Breaches of the GDPR may lead to fines of up to 20 million Euros or 4 per cent of global turnover, whichever is the greater. Enforcement of the new rules in the UK rests with the Information Commissioner’s Office (ICO).
On 13 September 2017, the government introduced a new Data Protection Bill to:
The Bill received Royal Assent on 23 May to become the Data Protection Act 2018 which became law on 25 May.
The ICO has a range of information and resources especially designed for organisations. CIPD members can also see our Data protection, surveillance and privacy at work law Q&As.