
On Friday 25th May next year the UK’s 1998 Data Protection Act (DPA) will be replaced with the EU’s General Data Protection Regulation (GDPR). While there are some questions regarding whether GDPR will still apply to the UK after Brexit, it is highly likely that GDPR will be converted to UK law through the Great Repeal Bill.

So what is the GDPR?

The GDPR is Europe’s new framework for the storage and handling of an individual’s data. It will be enforced by the Information Commissioner’s Office (ICO), and provides new rights for people to access and have a say about the information that companies hold about them.

How does this affect me?

According to the ICO, GDPR is likely to affect anyone previously subject to the DPA, whether they work for a large multinational company or an SME. The new regulations will also give the ICO the power to impose fines much higher than the £500,000 penalty it can currently give out. In fact, smaller offences could result in fines of up to €10m or 2% of the firm’s global turnover (whichever is greater), whereas fines for serious offences can be up to €20m or 4% of the firm’s global turnover (whichever is greater). To put that into perspective, fines for data breaches last year would have been 79 times greater if GDPR had been applied.

With recent high-profile cyber-attacks highlighting the cost of data protection breaches, it’s important to wise up on safeguarding methods, and with the ease and sophistication of data collection currently employed by all businesses, ignorance will be no easy defence for compliance failure.

Meet our chair

Lynn Wyeth – Information Governance Manager for Leicester City Council

With over 10 years’ experience as a practitioner, Lynn holds a postgraduate diploma in Information Rights and the Certificate in Security Management Principles, as well as being an accredited HSCIPP privacy practitioner.

With previous experience working as an MP and MEP’s political assistant, Lynn moved to her local council where she now oversees the Council’s Information Governance agenda, including data protection, freedom of information, information sharing, RIPA and CCTV.

Lynn is also the author of two books, A Practical Guide to Handling Freedom of Information Requests and Data Protection: Compliance in Practice. Along with helping health organisations with their information governance procedures, Lynn’s vast experience makes her the ideal chair for our Understanding Data Protection & GDPR workshop. There she will discuss a range of issues including the ICO and DPA, privacy and information sharing, effective data protection culture and managing data risk, as well as fielding any questions you may have.


Join us in Central London on 11th December for Understanding Data Protection & GDPR, where we will be discussing an array of topics including information sharing, information governance and GDPR after Brexit.

Alternatively, if you would like to talk to us about running this course for you at your organisation at a time and date that suits you, please email [email protected] for more information.