
What is GDPR? The summary guide to GDPR compliance in the UK


The General Data Protection Regulation (GDPR) is a data protection regulation that was
introduced on 25th May 2018 and replaced two-decade-old data protection rules in Europe. The
main aim of this regulation is to provide greater protection and rights to individuals. However,
countries within Europe were given the flexibility to make some changes according to their needs,
and the UK has created the Data Protection Act (2018), replacing the 1998 Data Protection Act.
GDPR is applicable to all citizens and businesses in the EU, and also to businesses that are based
outside the EU but do business in the EU region. The key principles of GDPR are lawfulness,
fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation;
integrity and confidentiality (security); and accountability. Of these principles, the UK Data
Protection Act (1998) includes every principle except accountability. The key changes in the new
GDPR include the following. First, organizations should collect from individuals only the data
they need and nothing more. Secondly, personal data must be protected with high integrity
and confidentiality. Data should be kept under appropriate information security protection
so that it is not accidentally leaked or breached. Besides, individuals can now find out, for a
minimum charge, what information about them is known to any organization. Nobody
can obtain anybody else’s information. Moreover, GDPR also has the power to impose penalties,
fines and other punishment if an individual’s data has not been processed in the right way, or
for any breach or violation of the GDPR regulations.
