Introduction to the General Data Protection Regulation (GDPR)

On 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) – arguably the biggest shake-up of data protection laws in 25 years – will come into force.

The GDPR is designed to harmonise data privacy laws across Europe. All businesses and organisations must be compliant with the GDPR and its new rules by 25 May 2018.

The ethos of the GDPR is to empower individuals in relation to their data by making organisations accountable for, and transparent about, how they process individuals’ personal data.

 

The golden thread

Data protection will become the cornerstone of agents’ policies and practices. Data protection will be the metaphorical golden thread that weaves its way through how agents conduct their operations.

This was set out succinctly by the Information Commissioner’s Office:

“The new law equals bigger fines for getting it wrong but it is important to recognise the business benefits of getting data protection right. There is a real opportunity for organisations to present themselves on the basis of how they respect the privacy of individuals, and gain a competitive edge. But if your organisation cannot demonstrate that good data protection is a cornerstone of your business policy and practices when the new law comes in [this] year, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance”.

 

Why does it matter?

If GDPR compliance wasn’t incentive enough, it is worth noting that non-compliance with GDPR could lead to maximum fines of €20 million or 4% of your organisation’s global turnover, whichever is the greater.

But it is not all about the bank balance; there’s the risk to public reputation too.

 

What’s it all about?

The internet is awash with articles focusing on GDPR, together with not insubstantial levels of “scaremongering” around the potential impact for businesses.

It is perhaps worth noting that the ICO have described this as an “evolution” rather than a “revolution”.

So in a series of resources focusing on GDPR, we’ll aim to demystify GDPR, and provide some helpful information and tips for managing agents to ensure they’re compliant.

We have also included a glossary to help explain some of the terms used under GDPR.