EU Regulation 2016/679, generally known as the General Data Protection Regulation (GDPR), can be found at eur-lex.europa.eu. As an EU Regulation, it had direct effect in the UK from the day it came into force (25 May 2018). The Data Protection Act 2018, according to the ICO, is meant to be read side by side with GDPR. The ICO notes that the GDPR gives Member States limited opportunities to make provisions for how it applies in their particular country. One element of the DPA 2018 is providing these details. Parts of the new Act cover the ICO and its duties, functions and powers plus the enforcement provisions required to implement the GDPR. It also transposes the provisions of the EU Law Enforcement Directive into national law setting out the requirements for the processing of personal data for criminal “law enforcement purposes”.

GDPR controls how personal information is used by organisations, businesses or the Government and it is designed to make sure that people’s personal information is protected — no matter where it is sent, processed or stored, even outside the EU.

The ICO noted that organisations in the UK which had complied with the requirements of the Data Protection Act 1998 (DPA) would be in a good position to meet their obligations under GDPR. However, as this topic makes clear, there are several new elements and significant enhancements which require a more coherent and focused approach to data protection.

Quick Facts

Key points you need to know on this topic.

In-depth

Detailed information on all matters in this topic.