On the 25th of May 2018 the General Data Protection Regulation (GDPR) replaced the existing data protection regulations in all European member states, including the United Kingdom who was still a member at the time.
The previous regulations (the Data Protection Act of 1998 or the Data Protection Directive of 1995 outside of the United Kingdom) were developed at a time when the majority of data processing was paper-based, there was a limited understanding of the impact technology would have on the way data is processed.
The GDPR’s purpose is to be a living document with future-proof wording that is also “technology neutral”, meaning the same regulatory principles apply regardless of advances in technology and data science. It also:
- Standardises the data protection laws accross all European member states.
- Makes it easier for end-users to understand why and how their data is being used.
- Enforces stricter guidelines on how organisations handle collected data.