The General Data Protection Regulation will come into force in the member states of the European Union on 25 May 2018.
By way of a reminder, this new far-reaching law is in the form of an EU Regulation which means that it will come into force in member states without the requirement of further implementing domestic legislation.
This is in contrast to the last major EU-wide reform of data protection which was in the form of a Directive in 1995.The Directive was implemented in the UK by the Data Protection Act 1998.
The implementation date for the GDPR will be before the expiry of the 2 year period for the withdrawal of the UK as a member state of the European Union. As readers will be aware the Article 50 notice was served on 29 March 2017 by the UK government.
All data controllers and data processors in the UK (and across the EU) therefore need to be ready to comply with the new obligations of the GDPR from 25 May 2018.
It remains to be seen how data protection law will be adapted for a post-Brexit context in the UK, although it will be important to ensure that the UK provides equivalent protection for personal data to that provided for citizens in other member states.
Accordingly, it remains appropriate to continue to prepare for the implementation of the General Data Protection Regulation and, without slowing the pace of preparation, to keep an eye out for developments for the emerging UK context.
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.