General Data Protection Regulation (GDPR) – What, Why, Where & When


Harry Leech

GDPR is the most significant overhaul of European data-protection regulations in more than 20 years (Stock picture)
GDPR is the most significant overhaul of European data-protection regulations in more than 20 years (Stock picture)

What is the GDPR? 

The General Data Protection Regulation (GDPR) is a new piece of data protection regulation which will become law across the EU in May 2018. It will replace all current data protection regulations.

In Ireland the main law dealing with data protection legislation is the Data Protection Act 1988, which was amended by the Data Protection (Amendment) Act 2003. These will both be replaced by the GDPR.

Why is it being implemented? 

A lot has happened in technology and data protection in the last 14 years – Google was in its infancy in 2003 and Facebook, Twitter, LinkedIn, WhatsApp and Spotify were not yet invented. 

Since 2003 there has also been an explosion in the volume of consumer data used and stored by businesses large and small across the EU. Current regulations are not tailored for the digital economy, which is a significant problem for both businesses and consumers. 

What are the major changes? 

The new regulations will give consumers greater control over how their personal data is used by improving on current legislation and should help improve trust in the digital economy. 

This will require a change of practice on behalf of most companies, but it will also give a clearer and simpler environment in which to operate. It is estimated to save EU businesses a total of €2.3 billion per year. 

Where does the GDPR apply? 

The new regulation covers all businesses operating in the EU – no one state will be subject to less or more regulation than any other state, so there will be a level playing field. 

The new regulation also applies to any personal data of EU citizens which is stored outside the EU. If a company based outside the EU (such as a cloud storage service) stores data belonging to an EU, they are also subject to the new rules. 

When does the GDPR take effect? 

The new legislation comes into effect in May 2018, but if you haven't already, the time to start preparing for it is now. 

Changing business practices to comply with the new regulations will take time, and if there are any shortfalls from May 2018 it could cost your company dearly. 

The DataSec 2017 conference takes place on 3rd of May in the RDS in Dublin.

The event will provide expert speakers, information and insight to help your business comply with GDPR and get the most out of the new legislation.  Click here to book your place now.