What is the General Data Protection Regulation?
The GDPR updates and overhauls European data protection law. It places new and enhanced ongoing obligations on all organisations, with serious sanctions for breaches, including fines of up to 4% of global turnover or €20m, whichever is greater. The GDPR replaces the European Data Protection Directive (95/46/EC), which dates back to 1995. While many fundamental concepts and principles remain broadly the same, the GDPR provides for significant changes with wide-ranging impacts on a broad range of sectors.
How does the GDPR work?
The GDPR is in the form of a regulation, which means that it is directly applicable in all EU Member States without the need for further implementing legislation (although Member States have discretion around the implementation of certain requirements). The GDPR has been drafted with the aim of ensuring that a single, uniform set of data protection rules applies across the EU. In Ireland, the Data Protection Act 2018 gives further effect to the GDPR. Although many of the GDPR's provisions are broadly similar to those contained in the previous data protection framework, there are a number of new and onerous requirements. As such, organisations should, to the extent they have not done so already, review their data protection policies, procedures and controls, and identify any gaps that need to be addressed.