Finally, after three years of discussions and negotiations, the EU General Data Protection Regulation (GDPR) has been agreed.

The GDPR will replace the current Data Protection Directive 95/46/EC (Directive) and will take direct effect in all Member States without the need for local implementing legislation. The GDPR will apply from 25 May 2018.

We have produced a simple guide which sets out the main changes under the GDPR that will have most impact on businesses as well as “top tips” on what to do and think about in order to comply.

On 23 June 2016, the UK population voted to leave the EU in a national referendum. The formal Article 50 notice to leave the UK was given by the UK Government to the European Council on 29 March 2017, meaning that the official exit will not take place until at least March 2019. Therefore, the GDPR will already have taken effect by the time the UK leaves the EU. However, regardless of the political future of the UK, one thing is certain: if the UK wishes to continue benefiting from the EU Digital Single Market, it will have to enact the GDPR, in some form or other.

On 7 August 2017 the UK Government published a statement of intent on its planned Data Protection Bill, due to be published in Autumn 2017, which confirms the intention for the future UK legislation to reflect the provisions of the GDPR. We are therefore recommending all UK companies to continue with their GDPR compliance programmes.