General Data Protection Regulation (GDPR)

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a regulation by which the European Union and European Commission intent to improve and unify data protection for all individuals with the European Union (EU). The regulation was adopted in April 2016, to help individuals get control over their personal data and to have a regulatory standard for all international business to follow within the EU. This regulation will be enforceable by the 25th of May 2018, after a two-year transition period.

What should you know?

Here are some things you should know about GDPR:

  • The Definition of personal data is - location data, IP addresses and online identifiers could all be used to identify a user and therefore counts as personal data.
  • Privacy by design (PbD) and privacy by default - the systems which are developed must be designed to ensure privacy issues are addressed/built into the systems in the initial stages of the project.
  • GDPR applies to both data controllers and data processors – meaning that data processors now have a security standard of how they process personal data. Fines will occur for non-compliance of GDPR.
  • Data Probability and right to be forgotten – allows individuals to request the dataset held by an organisation about them and allows and individual to request that data to be erased as well if no longer necessary.
  • Accountability – ensure that all documentation is fully up to date by reviewing what, why and how personal information is processed. This includes all privacy policies and ensures that these accurately reflect the purpose for which the data will be used.
  • Data Protection Impact Assessments (DPIA) – DPIA will allow to identify privacy risks at an early stage of any project involving personal. It is a currently the Scottish Government policy and soon to be a legal requirement.

What if you don’t follow the GDPR regulation?

Under the GDPR, the Information Commissioner’s Office (ICO) is able to impose fines of up to 20 million euros or 4% of group worldwide turnover (whichever is greater) against both the data controllers and processers.

For more information visit the EU General Data Protection Regulation website at:

If you require any more information please get in touch at [email protected] 


Related News

Member Log-In

Welcome to the SBRC Members Lounge, login details will be issued to members in due course.

Forgot password?