Prepare for the General Data Protection Regulation (GDPR)
Key points
The General Data Protection Regulation (GDPR) is the new legislation governing data protection in the EU. It applies in the UK from 25 May 2018. It sets a higher standard for data protection and imposes stricter penalties for non-compliance than the current regime.
It is advisable for employers to develop and implement a GDPR compliance programme, prioritising tasks based on areas with the highest risk.
In certain circumstances an employer must appoint a data protection officer. Where this is not mandatory, the employer should designate someone to take responsibility for data protection compliance.
Employers should conduct an audit of data processing practices. The audit should, among other things, identify the existing grounds for processing data and whether or not these grounds are still valid under the GDPR.
