What is GDPR and what does it mean to be compliant?
I am sure that you will all by now be aware of GDPR. GDPR comes into effect on 25th May 2018 and seeks to give individuals more control over how organisations use their data.
GDPR is a European regulation, and automatically becomes law in the UK because of our membership of the European Union. Although Brexit would take us out of the European Union, the current plan is to incorporate all EU law into UK law, so GDPR is almost certainly here to stay.
Confusingly, the UK Parliament is drafting its own data protection law called the Data Protection Act 2018 (DPA 2018). This law will supplement the GDPR and replace the existing 1998 Data Protection Act. The DPA 2018 is still working its way through Parliament, so it is not finalised. Much of the commentary on ‘GDPR’ combines it with the DPA 2018, and so mixes actual law with a draft bill.