Facebook founder Mark Zuckerberg was still in high school, two Stanford PhD students were in the process of founding Google and none of us had even heard of WiFi, let alone cloud computing, when the UK passed it’s most recent Data Protection Act.

So, it’s fair to say the legislation could do with a tune-up. The General Data Protection Regulation (GDPR) will supersede our 1998 Act and similar legislation in every other EU member state, and has been built to unify legislation and strengthen data protection for individuals throughout the EU.

privacy policy

What’s new?


There are new rights for data subjects; new responsibilities for businesses; a new principle: accountability; and much tougher penalties including compensation for data subjects and fines of up to €20 million (more for the very largest companies).

What do brokers need to know?


Far too much to cover here, but BIBA has produced extensive guidance, available online.

What about law firms?


Similarly, solicitors have a lot to be aware of, but the Law Society has created some excellent resources for the profession.

But, but… Brexit?


GDPR will be enforced in the UK regardless of Brexit. It is also expected that its requirements will continue here, whatever the terms of any Brexit deal.

How long have we got?


About 6 months. GDPR compliance must be achieved by May 25, 2018. That may still seem a way off , but we all know how long systems work can take.

You may also be interested:

identity theft on the rise

Identity Theft on the rise

ARAG offers telephone advice to Family Legal Solutions policyholders about how they can keep their ID secure, and if something does go wrong a full resolution service is available. This puts our policyholder in touch with a case worker who can assist with drafting letters to financial institutions and suppliers of goods or services.

GDPR regulations

GDPR: how to demonstrate accountability

Most importantly, you must have appropriate data protection policies and procedures. You may be a very fair person and only ever process data lawfully, fairly and transparently (as required by the GDPR). But if you don't have policies and procedures, you won't be able to demonstrate that.

identity theft insurance cover

News report exposes 57% increase in Identity theft

Research found that fraudsters scour social media websites to obtain personal data such as name, date of birth, address and bank details and it was claimed that " Facebook, Twitter and LinkedIn had become a "hunting ground" for identity thieves". More than 85% of the frauds were carried out online.