The countdown has begun. On the 4 May, the General Data Protection Regulation, un-catchily named Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, but we will continue to refer to it as the GDPR, was published in the Official Journal and this marks the start of a two year 20 day journey towards its application in all Member States on 25 May 2018.

Over the next two years organisations will need to get to grips with what these changes mean to their data processing operations and put GDPR implementation programmes in place to ensure compliance by 25 May 2018. The UK government will be putting in place legislation where the GDPR grants flexibility to Member States to enact its own data processing laws and the Information Commissioner ("ICO") will be producing pragmatic guidance to assist organisations in understanding their obligations. We are busy canvassing areas of concern and requests for guidance from our clients to present to the ICO. To contribute to our call for input please click here.