The General Data Protection Regulation (GDPR), which will replace the current EU Data Protection Directive, has been formally approved by the European Parliament and will take effect in May 2018.
The GDPR contains significant measures to replace national legislation with a harmonised EU data protection regime. Although exiting the EU will mean that the GDPR will not apply directly to the UK, any trade agreement with the EU is likely to require proof of adequate data protection measures. This means that reform of the UK’s data protection legislation in line with the new EU legislation is still a necessity. The Information Commissioner’s Office is therefore advising all businesses to start preparing now to ensure they can comply with the detailed provisions of the GDPR.
The GDPR includes the following changes to data protection rules: