
EU GDPR (General Data Protection Regulation) Overview

What is the GDPR?

The GDPR, enforced on 25 May 2018, harmonises data protection across the EU. It supersedes all domestic laws based on the DPD (Data Protection Directive 1995), including the UK’s DPA (Data Protection Act 1998). The UK has since enforced the DPA 2018, taking the GDPR into account – cementing its requirements in British law regardless of Brexit. Note that any organisation processing EU residents’ personal data has to comply with the Regulation – whether based in the EU or not.


Key changes introduced by the GDPR

The Regulation extends the rights of data subjects, aiming to protect EU residents’ personal data and mitigate breaches. It also places several new obligations on organisations; among other things, they must develop or update certain policies and procedures, including privacy policies. Organisations must also take “appropriate technical and organisational measures” (Article 32) to comply.

The Regulation introduces a number of key changes:

View the published text of the Regulation in the Official Journal of the European Union.


Fines for non-compliance with the GDPR

Organisations that breach the GDPR may receive fines of up to 4% of annual global turnover or €20 million (around £17.5 million) – whichever is greater. This should provide an incentive for all organisations to achieve better levels of information security.


How Vigilant Software can help your organisation to comply with the GDPR

Vigilant Software provides organisations of all types and sizes, and in all locations, with compliance software to streamline their GDPR projects.

To comply with the GDPR, organisations must understand what personal data they process. To do so, it’s necessary to create a data flow map.

The Data Flow Mapping Tool simplifies the process of creating data flow maps, making them easy to review, revise and update as your organisation evolves.

This tool helps accelerate your understanding of how personal data is collected and processed and helps you systematically identify all the stages in a personal data flow that have data protection implications. This enables you to more quickly determine the appropriate administrative and technical controls necessary to comply with the GDPR.