The General Data Protection Regulation (GDPR) is an EU initiative, which supersedes the
1998 Data Protection Act (DPA) and automatically came into effect on the 25th May 2018.
The previous legislation (DPA) was authorised before new ways of using data by the internet and
cloud technology had been realised. The aim of the GDPR is to rectify this by strengthening
current data protection laws and through introducing tougher enforcement measures. The main
emphasis behind the regulation is to give people back ownership of their data and to improve
trust in the digital market.
The GDPR affects any party that controls or processes information, whether it’s a profit
seeking company, a charity or a government body. For further information please visit the
Information Commissioners Office (ICO), which is the known authority in regards to the GDPR: