Four years in the making, the General Data Protection Regulation was adopted by the EU in May 2016 and it comes into force on 25th May 2018.

For a while, it wasn’t clear what the impact of Brexit would be, but now we know – according to the Information Commissioner’s Office, the government has confirmed that the UK’s decision to leave the EU will not affect its implementation.

It focuses on the processing of personal data and makes both the controller and data processor more accountable, by asking them to actively demonstrate good data processing practice. This infographic sets out the new rules that support lawfulness of data processing.

Note – as part of the new legislation, any company with EU clients needs to comply and whilst an existing UK fine for data breach reporting is capped at £500k, this new regulation carries fines of €10m or 2 percent of global turnover (whichever is the highest). This condition is not available to processing carried out by public authorities in the performance of their tasks.

To find out more and to keep abreast of new guidelines, visit the ICO website.

The new lawfulness of data processing