General Data Protection Regulation (GDPR)

Printer-friendly versionPrinter-friendly version
The General Data Protection Regulation (GDPR) is the European Union's new framework for data protection laws which comes into effect on 25 May 2018. The Government has confirmed that the UK's decision to leave the European Union will not affect its implementation in the UK.
Currently in the UK, the Data Protection Act 1998 sets out how your personal information can be used by companies, government and other organisations. The GDPR will replace the Data Protection Act 1998 when it comes into force on 25 May 2018. It will change how organisations process and handle data, with the key aim of giving greater protection and rights to individuals.
There are new and extended rights for individuals in relation to the personal data an organisation holds about them, for example, an extended right to access and a new right of data portability.
You can obtain further information about these rights from the Information Commissioner's Office at: or via their telephone helpline on 0303 123 1113.
In addition, organisations will have an obligation for better data management and a new regime of fines will be introduced for use when an organisation is found to be in breach of the GDPR.