GDPR - What happens after 25 May 2018?

The GDPR came into force on 25 May 2018, but what happens now?

By the time you read this the 25th May will have been and gone. But that doesn’t mean we can forget all about the GDPR and relax.

GDPR readiness is not a one-off event

No organisation can say it is ever fully GDPR compliant as:

  • GDPR compliance requires that all policies, training and procedures are reviewed and updated on a regular basis.
  • The ICO is continually updating its guidance and refining its approach. How the ICO will interpret the GDPR remains to be seen.
  • The  European Data Protection Supervisor ( previously the Article 29 Working Party) is also expected to issue new guidance and interpretation

Remember – new UK legislation has also come into force: 

  • The DPA 98 has been replaced by the  Data Protection Act 2018 (DPA 2018) which will incorporate all of the GDPR and various other provisions with effect from 25 May 2018. The ICO is in the course of preparing updated guidance on what this will mean in practice.
  • A new fee structure is also in place, although if you have already paid for this year you will not have to pay the new fee until you renew.

And there's more still to come!

  •  The Privacy and Electronic Communications Regulations (PECR ) are also due for revision