New data privacy laws from 25th May impact how companies in all countries protect the personal data of EU citizens. Countries outside the EU which store any personal details of EU citizens will also be affected by the General Data Protection Regulations (GDPR). In the UK, the Data Protection Act overlaps significantly and already applies. The ICO currently advises: “UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018”. Significant penalties for non-compliance mean organisations will need to gain a clear understanding of what sensitive personal data they store and evaluate their processes to manage and protect it before the compliance deadline.

Personal data is any data which can be used to identify a specific individual. Any files containing unique attributes such as National Insurance Number or NHS number or a unique combination of information about individuals such as driving licences, passport records, utility bills or birth certificates can be used to distinguish one person from another and are classed as personal data. Such information will need to be managed very carefully in every organisation in future.

All businesses will need to be able to demonstrate quickly how they comply with legislation, and larger companies must specifically employ a data protection officer. The full detail is captured in a complex 119 page EU document, and accompanying 55 page document relating to law enforcement agencies, but the key points to note are covered in our download, GDPR and Information Risk.

We will be keeping our newsletter subscribers up to date with further advice, including updates from the ICO. Sign-up to our newsletter today and also receive a FREE guide to GDPR and Information Risk.