
EU General Data Protection Regulation (GDPR) Overview

What is the GDPR?

The GDPR is a new law that will harmonise data protection in the European Union (EU). It will supersede the Data Protection Directive 1995 (DPD), and all domestic laws based on it, such as the UK Data Protection Act 1998 (DPA).

The Regulation extends the data rights of individuals in the EU and requires organisations to develop clear policies and procedures to demonstrate their compliance. It also requires organisations to take “appropriate technical and organisational measures” to comply with its requirements.

The GDPR will apply to all organisations that process EU residents’ personal data, including organisations outside the EU. UK organisations will need to make sure they are compliant, as the government has confirmed that the Regulation will apply in the UK, despite Brexit.


When does it take effect?

The GDPR came into effect in May 2016 and will be enforced from 25 May 2018. This gives organisations less than 10 months to make sure they are compliant.


Fines for non-compliance with the GDPR

Organisations that breach the GDPR can expect hefty fines of up to 4% of annual global turnover or €20 million – whichever is greater.

This level of compliance risk should be a considerable incentive for all organisations to achieve better levels of information security.

For many organisations, the threat of business closure as a result of breaching the GDPR could soon become a reality.


Key changes introduced by the GDPR

The GDPR aims to protect EU residents from data and privacy breaches, and has been introduced to keep up with the modern digital landscape.

From 25 May 2018, any organisation processing personal data must comply with the GDPR in respect of that processing. This means that identifying what personal data you hold and how it is used is a critical part of any GDPR compliance project.

The Regulation introduces a number of key changes:

View the published text of the Regulation in the Official Journal of the European Union


How Vigilant Software can help your organisation prepare for the GDPR

Vigilant Software provides organisations of all types, sizes and locations with compliance software to streamline their GDPR projects.

To comply with the GDPR, organisations must understand what personal data they process. To do so, it’s necessary to create a data flow map.

The latest addition to CyberComply, the Data Flow Mapping Tool, simplifies the process of creating data flow maps, making them easy to review, revise and update as your organisation evolves.

The Data Flow Mapping tool helps accelerate your understanding of how personal data is collected and processed and helps you systematically identify all the stages in a personal data flow that have data protection implications. This enables you to more quickly determine the appropriate administrative and technical controls necessary to comply with the GDPR.
