GDPR, the General Data Protection Regulation, is a piece of EU regulation. It will replace the existing Data Protection Act when it is enacted in the UK on the 25th May 2018. The GDPR provides a suite of rules that govern how businesses of all types and sizes must manage and protect the personal data that they collect and use in the course of running their business. These regulations are not specific to Financial Services; they apply across all industries and all types of organisations.
The GDPR has been introduced in response to the far-reaching changes in technology that have taken place over the last couple of decades, i.e. since the Data Protection Act (DPA) was introduced. As a society we’ve become accustomed to using all kinds of new technologies, and we use all sorts of different devices in our daily lives to an extent that most people would simply never have dreamt of twenty years ago. For example, smartphones did not exist ten years ago, and yet now it’s hard for many of us to imagine life without them! As a consequence, far more personal data is being collected, stored, processed and transmitted in new and different ways by many more organisations. That is why the GDPR has been introduced: to increase the level of protection afforded to consumers and to minimise the number of scams caused by the abuse of personal data.
Of course, as the GDPR is a piece of EU regulation, you might wonder what happens post-Brexit, i.e. will the need to comply disappear almost as soon as it has been introduced? The short answer is no: the UK Government has already confirmed that Brexit will not affect the commencement of GDPR.