The General Data Protection Regulation (GDPR)
What is the GDPR?
The EU General Data Protection Regulation (GDPR) is a pan-European data protection law, which superseded the EU’s 1995 Data Protection Directive and all member state law based on it, including the UK’s DPA 1998 (Data Protection Act 1998), on 25 May 2018,The GDPR extends the data rights of individuals (data subjects), and places a range of new obligations on organisations that process EU residents’ personal data.
he DPA 2018 (Data Protection Act 2018) supplements the GDPR by filling in the sections of the Regulation that were left to individual member states to interpret and implement.
It also applies a “broadly equivalent regime” – known as “the applied GDPR” – to certain types of processing that are outside the GDPR’s scope, including processing for law enforcement processes and by public authorities.
Who does the GDPR apply to?
Organisations that process personal data must not only comply, but also be able to demonstrate their compliance, with the Regulation’s requirements.
Accountability and governance
Data processing principles
Transparency and privacy notices
Privacy rights of individuals
Data breach reporting
The benefits of the GDPR
There are great advantages to GDPR compliance. The new law promotes greater transparency and accountability and aims to increase public trust by giving individuals more control over their data. By getting data protection right, organisations will enhance their reputation, and build better, trusted relationships with existing and potential customers.
The business benefits of the GDPR include:
- Build customer trust
- Improve brand image and reputation
- Improve data governance
- Improve information security
- Improve competitive advantage
Professor Nabil El Kadhi, PhD