“The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/EC effective May 25, 2018. The GDPR is directly applicable in each member state and will lead to a greater degree of data protection harmonization across EU nations.
Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018.
With new obligations on such matters as data subject consent, data anonymization, breach notification, trans-border data transfers, and appointment of data protection officers, to name a few, the GDPR requires companies handling EU citizens’ data to undertake major operational reform.” Gabe Maldoff, International Association of Privacy Professionals, January 12th 2016
This article looks at compliance with the General Data Protection Regulation from an international perspective – something rather valuable now that we are on the road out of Europe. GDPR may be a European law, but in reality it applies to any company which uses or holds data on EU citizens, making its reach, and its consequences, international in scope.
With that in mind, plus the likelihood that GDPR will live on in UK law even after the conclusion of negotiations – see here for details – Gabe’s breakdown of the hoops companies will have to jump through is a great place to start.