The EU’s General Data Protection Regulation (GDPR), introduced by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used, will apply from May 25th. The current legislation was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that.
By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy. The GDPR will apply in all EU member states from 25 May 2018. Ultimately, the arrival of GDPR will put the control of personal data back into the hands of the individual, allowing a number of rights including access to their data and the ability to withdraw it. It also means that organisations cannot simply gather data without good reason and must prove that they are doing all they can to protect the data they do hold. The law applies to any company that is targeting consumers in the European Union and holding or transporting data relating to them, meaning it has the potential to impact companies globally.