Getting Data Privacy Right
Published on 27/11/2017
Facebook founder Mark Zuckerberg was still in high school, two Stanford PhD students were in the process of founding Google and none of us had even heard of WiFi, let alone cloud computing, when the UK passed its most recent Data Protection Act.
So, it’s fair to say the legislation could do with a tune-up. The General Data Protection Regulation (GDPR) will supersede our 1998 Act and similar legislation in every other EU member state, and has been built to unify legislation and strengthen data protection for individuals throughout the EU.
What’s new?
There are new rights for data subjects; new responsibilities for businesses; a new principle: accountability; and much tougher penalties including compensation for data subjects and fines of up to €20 million (more for the very largest companies).
What do brokers need to know?
Far too much to cover here, but BIBA has produced extensive guidance, available online.
What about law firms?
Similarly, solicitors have a lot to be aware of, but the Law Society has created some excellent resources for the profession.
But, but… Brexit?
GDPR will be enforced in the UK regardless of Brexit. It is also expected that its requirements will continue here, whatever the terms of any Brexit deal.
How long have we got?
About 6 months. GDPR compliance must be achieved by May 25, 2018. That may still seem a way off, but we all know how long systems work can take.