What: The General Data Protection Regulation (GDPR) replaces the Data Protection Act (DPA). It provides a new data protection framework to cover the collection, processing and protection of personal data and will have an impact on all businesses in the EU as the definition of what is ‘personal data’ now includes business contacts as well as client details.

Why: The DPA was implemented in the 1990’s when there was no social media or cloud computing. It does not reflect how we now live and do business; we need better ways to protect and use personal data.

When: The GDPR starts to be enforced in May 2018

Does Brexit make a difference? No, the UK Government have confirmed that GDPR will be implemented in May 2018. The Information Commissioner has said “there may still be questions about how the GDPR would work on the UK leaving the EU but this should not distract from the important task of compliance with GDPR by 2018“.

How to prepare for the GDPR

The good news is that many of the concepts and principles are much the same as those in the DPA, so if you are complying now then most of your approach remains valid.

1. Find out more about the GDPR principles to understand the impact it will have on your business
2. Do an audit of all your personal data and determine where you already meet the GDPR principals
3. Plan out the changes required to processes, procedures and IT.
4. Implement the changes