Skip to main content

General Data Protection Regulation (GDPR)

What is the General Data Protection Regulation (GDPR)?

The GDPR, or the General Data Protection Regulation, is a new set of regulations put forward by the European Commission. This will replace the previous Data Protection Directive from 1995. 

What is the purpose of the General Data Protection Regulation? 

The European Commission wants to give back control of personal data to consumers and also unify data protection regulations across the EU. These new regulations will be enforced in May 2018. 

The GDPR will be enforced by the Information Commissioners Office (ICO), who can take action against any company or governmental body that fails to adhere from May 2018. Businesses could face considerably higher fines than the previous directive of up to €23 Million, or 4% of their global annual turnover if they don’t meet the GDPR after the deadline. 

Who does the General Data Protection Regulation apply to?

  • Controllers and Processors of data as defined by the GDPR (similar to the DPA definitions).
  • Organisations operating in the EU as well as those outside the EU that offer their products/services to individuals in the EU.
  • The GDPR does not apply to activities such as processing covered by the Law Enforcement Directive and involving national security as well as personal/household activities.

How prepared are businesses for GDPR?

Copyright ©, 2014-2017. All rights reserved.

Experian Ltd is authorised and regulated by the Financial Conduct Authority. Experian Ltd is registered in England and Wales under company registration number 653331.
Registered office address: The Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham NG80 1ZZ.