EU General Data Protection Regulation

In the UK, the Data Protection Act 1998 sets out the principles of data protection in compliance with European legislation.

The more recent approval of the EU General Data Protection Regulation (GDPR) has imposed some changes on the operation of UK data protection law, though not to the principles which apply.

The changes, which are intended to strengthen and unify data protection for individuals within the EU, include:

  • Increased powers for regulators to fine organisations which fail to comply with data protection law. Fines can be levied up to €10 million or 4 per cent of the organisation's worldwide turnover;
  • Data controllers will have to be able to demonstrate compliance with the GDPR, which may mean implementing additional records and procedures to prove compliance;
  • The GDPR prohibits the assumption of 'implied' agreement for personal data to be retained and used. Consent must be 'freely given, specific, informed and unambiguous'; and
  • A data subject can normally require that their personal data is deleted in appropriate circumstances.

This list is not comprehensive.

This legislation will continue to apply until Britain leaves the EU, and may well be substantially retained thereafter, depending on the Brexit terms.

For advice on how the GDPR affects your business or organisation, contact us.
The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.