GDPR - UK General Data Protection Regulation

Understand the UK’s new legislation and how it will effect you.

Who does GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same with a few enhancements in key areas such as the introduction of ‘The Right to be Forgotten’, Data Portability, Breach Notifications and Greater Accountability.

If you are a processor, the GDPR will place a greater liability on you if a breach occurs. Controllers have greater responsibility to ensure contract with processors are operated correctly.

The GDPR does not apply to certain activities including;

  • Processing covered by the Law Enforcement Directive.
  • Processing for National Security purposes.
  • Processing carried out by individuals purely for personal or household activities.

There are further obligations under The Electronic Commerce (EC Directive) Regulations 2002, these specifically deal with online selling and buying activities through eCommerce functionality.