The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council, will replace the Data Protection Directive 95/46/EC in spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. And it’s the biggest shakeup to data protection since the UK’s 1998 Data Protection Act.
The new rules will come into force in May 2018, and early indicators suggest that many businesses aren’t ready. According to one study, around 3.2 million small companies in the UK don’t have plans in place to ensure they are GDPR-compliant. That lack of preparation is risky, as failure to comply with the new rules can result in a fine equal to 4% of annual global revenue or €20 million, whichever is greater.