GDPR legislation takes effect

A set of new data protection rules have come into force as of 25 May 2018, placing greater obligations on businesses that handle personal data.

The General Data Protection Regulation (GDPR) is designed to "harmonise" data protection across the EU, and to give individuals more rights regarding their personal data.

This includes the right to:

  • receive information about how businesses use their data
  • withdraw or change the data businesses hold on them
  • object to businesses processing their information.

It also introduces stricter rules for reporting data breaches and informing individuals who may be affected.

The GDPR applies to any organisation within the EU, or dealing with the personal data of EU citizens.

Businesses that are not compliant with the rules could face fines up to a maximum of €20 million or 4% of the company's annual turnover.

However, penalties will be at the discretion of the Information Commissioner's Office (ICO), which has emphasised that fines will only be issued as a last resort.

Visit the ICO website for more information.