“What is GDPR? The summary guide to GDPR compliance in the UK”
WIRED UK, March 24, 2020
By Matt Burgess
“General Data Protection Regulation, or GDPR, has overhauled how businesses process and handle data. Our need-to-know GDPR guide explains what the changes mean for you”
On May 25, 2018, years of preparation ended. Across Europe, long-planned data protection reforms started to be enforced. The mutually agreed General Data Protection Regulation (GDPR) has now been in place for around two years and has modernised the laws that protect the personal information of individuals.
GDPR has replaced previous data protection rules across Europe that were almost two decades old – with some of them first being drafted in the 1990s. Since then our data-heavy lifestyles have emerged, with people routinely sharing their personal information freely online.
The EU says GDPR was designed to “harmonise” data privacy laws across all of its member countries as well as providing greater protection and rights to individuals. GDPR was also created to alter how businesses and other organisations can handle the information of those that interact with them. There’s the potential for large fines and reputational damage for those found in breach of the rules.
The regulation has introduced big changes but builds on previous data protection principles. As a result, it has led many people in the data protection world, including UK information commissioner Elizabeth Denham, to liken GDPR to an evolution, rather than a complete overhaul of rights. For businesses which were already complying with pre-GDPR rules the regulation should have been a “step change,” Denham has said.
Despite a pre-GDPR transition period taking place, which allowed businesses and organisations time to change their policies, there has still been plenty of confusion around the rules. Here’s our guide to what GDPR really means.
What is GDPR exactly?
GDPR can be considered the world’s strongest set of data protection rules, which enhance how people can access information about them and place limits on what organisations can do with personal data. The full text of GDPR is an unwieldy beast, which contains 99 individual articles.
The regulation exists as a framework for laws across the continent and replaced the previous 1995 data protection directive. The GDPR’s final form came about after more than four years of discussion and negotiations – it was adopted by both the European Parliament and European Council in April 2016. The underpinning regulation and directive were published at the end of that month.
GDPR came into force on May 25, 2018. Countries within Europe were given the ability to make their own small changes to suit their own needs. Within the UK this flexibility led to the creation of the Data Protection Act (2018), which superseded the previous 1998 Data Protection Act.
The strength of GDPR has seen it lauded as a progressive approach to how people’s personal data should be handled and comparisons have been made with the subsequent California Consumer Privacy Act.
About the Author:
Matt Burgess is a senior writer at WIRED focused on information security, privacy, and data regulation in Europe. He graduated from the University of Sheffield with a degree in journalism and now lives in London.