Frequently Asked Questions

Including the General Data Protection Regulation

What is the GDPR?

The General Data Protection Regulation (GDPR) is Europe's new set of rules to protect personal data collected and used by businesses. The new framework gives greater protection and rights to individuals and places obligations on businesses for better data management.

GDPR comes into effect on 25th May 2018.


The changes:

  • Make it simpler to withdraw consent for the use of personal data
  • Allow people to ask for their personal data held by companies to be erased
  • Enable parents and guardians to give consent for their child’s data to be used
  • Require ‘explicit’ consent to be necessary for processing sensitive personal data
  • Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
  • Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
  • Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
  • Make it easier for customers to move data between service providers
  • New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data