GDPR refers to General Data Protection Regulation – new legislation from the EU on the protection and handling of personal data. The updated regulation aims to address the data protection challenges that have resulted from “rapid technological developments and globalization” by unifying rules and rights across the EU.

The EU General Data Protection Regulation (GDPR) was approved by the EU Parliament on 14 April  2016 and is enforceable from 25 May 2018. It replaces the EU Data Protection Directive and in the  UK it replaces the Data Protection Act 1998 (DPA).

GDPR is significant for a number of reasons, but most notably because the financial penalty for an infringement is increasing from the current maximum of £500,000 to €20m or 4% of annual worldwide turnover.  Check out our GDPR guide to find out more.