On 25 May 2018 the new EU General Data Protection Regulation (GDPR) came into force (this included the United Kingdom regardless of its decision to leave the EU) and impacted each and every organisation that holds or processes personal data.
It introduced new responsibilities, including the need to demonstrate compliance, along with more stringent enforcement and a significant increase in penalties compared to the Data Protection Act (DPA) that it superseded.
In simple terms, individuals now have a greater say over how, why, where and when their personal data is gathered, processed and disposed of. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.
If you hold and process personal information about clients, staff or suppliers, you are legally obliged to protect that information.