Menu Home Search

The General Data Protection Regulation (GDPR)

Updated on 07 March 2018, 856 views

The GDPR will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA – ie the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR. If you are a proces-sor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR. However, if you are a con-troller, you are not relieved of your obligations where a processor is involved – the GDPR places further obliga-tions on you to ensure your contracts with processors comply with the GDPR.

Read the full guidance on the ICO website

The GPC have published guidance for practices

The guidance sets out the main themes of the legislation and what you need to do to ensure compliance, including: