General Data Protection Regulation comes into force

Implementation date: 25 May 2018

The General Data Protection Regulation (2016/679 EU) (GDPR) replaces the Data Protection Directive (95/46/EC).

The Regulation harmonises data protection law across the EU and extends it to include all foreign companies processing the data of EU residents. The Regulation:

provides for the creation of a single data protection authority instead of a supervisory authority for each member state, and the creation of data protection officers for all public authorities and companies processing high volumes of data;
provides for the imposition of a fine of €20 million or 4% of global turnover, whichever is greater;
requires the positive consent of individuals to have their data processed;
provides for the notification of breaches to the data protection authority; and
extends the special categories of data, such as trade union membership and religious belief or political opinion, to include information relating to health.

The Data Protection Act 2018, which brings data protection rules in the UK into line with the requirements of the GDPR, received Royal Assent on 23 May 2018. The main provisions of the Act are commenced by the Data Protection Act 2018 (Commencement No.1 and Transitional and Saving Provisions) Regulations 2018 (SI 2018/625).

About this resource

Status

This article has been archived and is available for reference only.

Updates

Updated to reflect that the main provisions of the Data Protection Act 2018 are commenced by the Data Protection Act 2018 (Commencement No.1 and Transitional and Saving Provisions) Regulations 2018.

Publisher

XpertHR

Legal timetable

General Data Protection Regulation comes into force

Implementation date: 25 May 2018

Was this article helpful?

Read more items tagged with the same topics

About this resource

Templates

When To Include

Explore XpertHR

Learn more

Get in touch

Connect with us