On 25 May 2018, the data protection regime under the Data Protection Act 1998 will be replaced by the new EU General Data Protection Regulation (GDPR), with significant implications for all organisations.
GDPR introduces tougher fines for non-compliance and breaches, and gives people more say over what can be done with their data. In addition, subject access is changing, and the onus will be on organisations to demonstrate compliance with data protection from the outset.
The GDPR increases penalties for non-compliance: fines may be up to 4% of total global annual turnover or €20m, whichever is greater.
All organisations, including small to medium-sized companies and large enterprises, must be aware of all GDPR requirements and be able to comply by May 2018.