The new General Data Protection Regulation (GDPR) has now been published in the Official Journal, firing the starting gun on the countdown to compliance. 

Yesterday's publication of the official text follows on from final approvals from the Council of the European Union and the European Parliament.

When will the GDPR come into effect?

The GDPR will apply from 25 May 2018, meaning that organisations have just over two years to prepare.

How will the GDPR impact my organisation?

The GDPR will require all organisations to review and update their processes and practices for the handling of personal data. In order to assess the level of impact and the steps required to ensure compliance, each organisation will need to carry out a detailed review of how it currently collects and uses personal data and the adequacy of its internal policies and procedures.

Unless an organisation has a full picture of how it currently processes personal data, it will not be able to work out what needs to be done to ensure it is compliant come May 2018.

Where can I find out more about the GDPR?

We are already working with clients to help their organisations plan and prepare for the GDPR. To find out how we can assist you please contact me or your usual contact in Brodies' Data Protection and Information Law team.

To get an overview of the key changes download our two page summary to the GDPR (PDF).

We'll also continue to blog and tweet about the latest developments on the GDPR, including new guidance from the Information Commissioner and UK implementing legislation.


Martin Sloan