When: On 25 May 2018 the GDPR will become fully enforceable throughout the European Union.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC.
There are varying acts that cover Europe. The GDPR will bring the laws across Europe in line and ensure that all EU citizens are protected by the new act. The old data protection act was formed in 1995. The online world and the way we hold that data are no longer comparable to what they were then, and the system of enforcing the law itself will also be overhauled.
The official website explaining the changes and outlining what you need to know is here: http://www.eugdpr.org/
What does it mean to you?
As we haven’t yet left the EU, if you are in control of your company you need to be ready to comply by the 25th of May 2018. The penalty for non-compliance can be up to 4% of your global turnover or €20 million, whichever is greatest.
You need to ensure that your systems are compliant – not just your own data, also shared data and data in the cloud.
Be sure you understand what data you are no longer allowed to retain, and have procedures in place to ensure that this is consistently updated and deleted if no longer required.
The Information Commission has a great PDF on the 12 steps that you should take to prepare. Have you? Preparing for the GDPR – 12 Steps Guide