GDPR

General Data Protection Regulation

On the 25th of May 2018 the General Data Protection Regulation (GDPR) replaced the existing data protection regulations in all European member states, including the United Kingdom who was still a member at the time.

The previous regulations (the Data Protection Act of 1998 or the Data Protection Directive of 1995 outside of the United Kingdom) were developed at a time when the majority of data processing was paper-based, there was a limited understanding of the impact technology would have on the way data is processed.

Purpose

The GDPR’s purpose is to be a living document with future-proof wording that is also “technology neutral”, meaning the same regulatory principles apply regardless of advances in technology and data science. It also:

  • Standardises the data protection laws accross all European member states.
  • Makes it easier for end-users to understand why and how their data is being used.
  • Enforces stricter guidelines on how organisations handle collected data.