General Data Protection Regulations (GDPR) will apply from 2018

10 November 2016

Do you operate internationally and have day-to-day responsibility for data protection?

If so, you need to be aware of what the General Data Protection Regulations (GDPR) will mean for businesses when they come into force in 2018.

The government has now confirmed that the UK will be implementing the General Data Protection Regulation (GDPR).

The Information Commissioners Office (ICO) provides a useful overview to GDPR which highlights the key themes of the GDPR to help organisations understand the new legal framework in the EU. It explains the similarities with the existing UK Data Protection Act 1998 (DPA), and describes some of the new and different requirements.

The ICO had started to produce a set of guidance on GDPR, and this overview was to be the first substantive part of that. The result of the 23 June 2016 referendum on membership of the EU now means that the Government needs to consider the impact on the GDPR. This is likely to raise further questions however this does not detract from the task of compliance with GDPR by 2018.

Once implemented in the EU, the GDPR will be relevant for many organisations in the UK. With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to consumers and citizens.

The Information Commissioner, Elizabeth Denham said:

“The ICO is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.

As early as January 2016, we met with organisations to better understand the challenges they will face to comply with the law, and we’ve already started to publish work to help with that, from our 12 steps to take towards compliance to our recent privacy notices code of practice which includes GDPR detail.

Within the next month, we’ll publish a revised timeline setting out what areas of guidance we’ll be prioritising over the next six months. As ever, everything will be published on the ICO website, and we’ll flag updates on twitter and through our e-newsletter.