
EU General Data Protection Regulation

In the UK, the Data Protection Act 1998 sets out the principles of data protection in compliance with European legislation.

The more recent approval of the EU General Data Protection Regulation (GDPR) has imposed some changes on the operation of UK data protection law, though not to the principles which apply.

The changes, which are intended to strengthen and unify data protection for individuals within the EU, include:

  • Increased powers for regulators to fine organisations which fail to comply with data protection law. Fines of up to €10 million or 4 per cent of the organisation's worldwide turnover can be levied;
  • Data controllers will have to be able to demonstrate compliance with the GDPR, which may mean implementing additional records and procedures to prove compliance;
  • The GDPR prohibits the assumption of 'implied' agreement for personal data to be retained and used. Consent must be 'freely given, specific, informed and unambiguous'; and
  • A data subject can normally require that their personal data is deleted in appropriate circumstances.

This list is not comprehensive.

This legislation will continue to apply until Britain leaves the EU, and may well be substantially retained thereafter, depending on the Brexit terms.

The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute, legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.