
The last update to UK data protection regulations was 20 years ago, when the Data Protection Act (DPA) 1998 was introduced.

To put this in context (and make some of you feel suddenly old), 1998 saw the rise of All Saints and the fall of The Spice Girls; Aerosmith scored their biggest ever global hit with “I Don’t Want to Miss a Thing”, and Martha Lane Fox launched online travel site Lastminute.com.

The pace of change in the last 20 years has been breakneck. We’re living in a truly digital age, where consumers are crying out for protection of their personal rights. The GDPR aims to address this by giving consumers a unified regulatory data protection regime fit for our digital age.

Although many GDPR requirements are similar to the Data Protection Act 1998, the new regulations bring seven key changes that:

  • Introduce new contractual obligations
  • Increase the amount of information that needs to be given to individuals
  • Enhance reporting obligations in the event of a data breach
  • Impose heavier sanctions for non-compliance

What’s new? The seven key changes of GDPR

1. Data protection officer

Organisations that require “regular and systematic monitoring of data subjects on a large scale” will need to appoint a Data Protection Officer (DPO).

2. Changes to contracts

Contracts need to include specific additional wording on how personal data will be stored and protected.

3. Consent

Consent is much more stringent than under the DPA. It will have to be “freely given, specific and informed”.

4. Information to individuals

Organisations are obliged to provide individuals with additional information on what personal data is collected and for how long it will be stored.

5. Right to be forgotten

GDPR gives people stronger rights to request that information about them is removed.

6. Reporting breaches

In case of a serious breach where, say, personal data has been lost or disclosed without authorisation, organisations will have to inform the Information Commissioner’s Office (ICO) within 72 hours.

7. Sanctions

The maximum penalties for non-compliance have now increased from £500,000 to the greater of €20 million or four per cent of an organisation’s global turnover.

Learn more about GDPR for your business

Working with industry, public sector and legal professionals, Me Learning has developed a suite of GDPR courses aimed at all levels of your organisation. If you need help and would like to find out more, click here.
