GDPR

The General Data Protection Regulation (GDPR) sets the standards for processing personal data in the EU and has been incorporated into UK law by the introduction of the Data Protection Act 2018.

This data protection regime strengthens the rights of individuals, increases the enforcement powers of supervisory authorities (such as the Information Commissioner’s Office) and imposes obligations on organisations which process personal data. If you collect, store or use personal data, the data protection regime affects you.

You need to be clear about what personal data you hold about people, how that data is being used and how long it will be retained. You also need a legal basis for processing that data. Be aware that personal data includes anything that could identify a person, so names, addresses and email addresses, as well as cookies, IP addresses and telephone numbers.

The penalty for a data breach under GDPR is up to €20 million or 4% of annual global turnover – whichever is higher.

Laura Franklin
Employment solicitor

Talk to us about:

Read our blogs to find out more about GDPR

• Can I rely on legitimate interest for B2B marketing?
• Is your privacy policy GDPR compliant?
• Key things you should know about GDPR
• Is a work email address personal data under GDPR?