What is the GDPR?
The General Data Protection Regulation (GDPR) will, from 25th May 2018, significantly extend the provisions of the Data Protection Act. It’s an EU Regulation, but it will still apply after the UK has left the EU.
It significantly extends the rights of Data Subjects (people about whom you hold or process data.) For example, the right to know what data is stored about them, and to request correction and erasure.
It also puts a heavy burden of responsibility on Organisations processing or controlling personal data, which include very large fines for non-compliance and data breach. These responsibilities mean that affected organisations need to take Cyber Security seriously and systematically. The consequences of not doing so could be expensive.