Since the data protection directive was introduced in 1995 there have been significant advances in information technology. To address these changes, a framework has been agreed to replace the 1995 directive: the General Data Protection Regulation (GDPR), which is expected to come into force in 2018.
Although it is still early days, what do you need to know and how will the changes impact on your business?
Scope of GDPR
A business, with or without a physical presence in the EU, will be within the scope of the GDPR if it offers goods or services to EU data subjects or monitors the behaviour of EU data subjects. Personal data for the purposes of the GDPR will now include biometric and genetic data where processed to uniquely identify a person.
Implications for businesses
Businesses that process data will have more obligations placed upon them. In particular, the obligations will be more stringent if the processing is frequent or the data is sensitive.
Rights for data subjects
The new rights for data subjects will include the right to be forgotten, data portability rights and the right to object to automated decision making.
Enforcement of GDPR
To promote enforcement of the GDPR, the discretionary fines given to both data controllers and data processors found in breach of it will be increased significantly.
Certain administrative fines will be up to €20,000,000 or 4% of global turnover, whichever is the higher.