In this video, Pragasen Morgan, a partner at EY, dissects what UK tech entrepreneurs need to know about the upcoming General Data Protection Regulation (GDPR).
After four years of preparation and debate, GDPR was approved by the EU Parliament in April 2016. The regulation, which will come in to force on the 25th May 2018, could see non-compliant firms face significant fines; hence why it’s essential that UK technology entrepreneurs are fully aware of the implications.
GDPR will replace the Data Protection Directive 95/46/EC and seeks to harmonise data privacy laws across Europe in a bid to safeguard the privacy of EU citizens and give them greater control over the use of their data.
Ultimately, GDPR will result in people having more rights around how their data is stored, used and shared by businesses.
Importantly, the regulation will introduce stringent requirements for organisations to notify the UK’s data watchdog (Information Commissioner’s Office) in the event of a data breach.
The UK government has said that the decision to Brexit will not affect the enforcement of GDPR and it’s important to note that the new regulation will not just affect EU-based businesses. In fact, any company which processes the data of citizens in the EU will need to comply with the regulation, regardless of whether that data is processed outside the EU’s frontier.