For almost 20 years, the collecting, processing and storing of individuals’ data has been governed in the UK by the Data Protection Act 1998. By May 2018, this system will be totally overhauled.
There are many reasons why this change is necessary. Organisations today are using information in ways which we could not even have imagined when the Data Protection Act was drafted.
The new General Data Protection Regulation (GDPR) puts the onus on companies to understand the risks that they create for others and to mitigate those risks.
The UK Information Commissioner, Elizabeth Denham, has asked organisations to see the change to the GDPR as a chance to move away from the law as a box ticking exercise and instead viewing it as a framework that can be used to build a culture of privacy that operates through every aspect of your organisation.
The GDPR will apply in the UK from 25th May 2018, so the countdown is on to make sure your organisation embraces the new culture of privacy which the GDPR requires.
The UK Government has confirmed that Brexit will not affect the start of the GDPR. In Northern Ireland, with so many businesses and services operating across the physical border with Ireland and across borders in Europe, international consistency around Data Protection is critical.