<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    GDPR applies to all EU member states, but what is different about the way the General Data Protection Regulation (GDPR) is implemented within the EU member states, is, unlike the 1995 Directive, the GDPR is not a Directive, guidance or best practice, but actual EU wide Regulation. This means that the GDPR is enacted across all of the EU member states, from the same date and in the same way that it was written and issued by the EU. The GDPR did not require adaptation and transposition into member state law, it is member state law.

    The reason behind the GDPR

    Part of the reason behind the GDPR, was the need to harmonise data protection controls across the EU, as well as bringing the EU’s data protection legislation up to date with the way in which the EU and the world operates, interacts, conducts business and communicates. In today’s world for example, within excess of 2 billion Facebook users alone, it is hard to imagine that when the previous data protection legislation was enacted, in 1995, it is estimated that less than 1% of the population had access to the internet, and that social media sites such as Explorer, Facebook, Ebay and Amazon didn’t even exist!

    It is clear that the previous legislation did not adequately, or specifically provide protection for data used and communicated in today’s world, hence the need for the change and GDPR.

    So, does it all just impact the EU then? Or does this piece of EU Regulation carry force and impact around the world? Article 3 of the GDPR details the territorial scope of the regulation as being “the processing of the reason behind the gdprpersonal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not”, and “applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union or the monitoring of their behaviour as far as their behaviour takes place within the Union”.

    So, to clarify, whether the data subject is in the EU, or the processing of data runs in or through the EU, GDPR will apply. However, one might ask oneself, that if a controller or processor is not physically located within the EU, how can they be penalised if they breach? A question I am sure is on the lips of a lot of non EU controllers and processors, given the increased level of fines that can now be made.

    In short, the answer is – that such firms can still be penalised, as even though they may be physically located outside of the EU, to operate inside of the EU, or to process the data of an EU citizen,  the data controller or processor must still, according to Article 27 of the GDPR, designate a representative who shall act as a contact point for the processer or controller, with for example, the relevant supervisory authority.

    Therefore, whilst this is an EU based regulation, the consequences of getting it wrong, could, be impacting the whole of the world, if they wish to trade in, with or through the EU.

    With regard to the UK specifically and Brexit, the UK has made it clear that Brexit will not impact on the implementation of the GDPR and that indeed, if the UK wishes to trade with the EU and the world post Brexit, it will have to align itself to the data protection laws under which every other country operates.

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    eBook: Essential Uncovered

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Download now

    The Risk Perception and Employee Misconduct Gap

    A recent Skillcast survey has highlighted the significant gap between the incidence of misconduct observed by employees at UK firms, and the risk perception of decision makers.  Key finding From our ...

    Read More
    UK Corporate Compliance Survey

    Why did Skillcast conduct a survey? Skillcast is the leading provider of corporate compliance e-learning and tools to companies in the UK, ranging from FTSE100 giants to small and mid-sized ...

    Read More
    Meet Skillcast at Learning Live 2019

    About Learning Live 2019 Learning Live brings together over 500 learning leaders for two days of facilitated group activities and networking tackling the challenges of workplace learning. Uniquely, ...

    Read More
    Success Stories: Royal Mail Serious Games

    Royal Mail, the pre-eminent delivery company in the UK were looking to further embed compliance within their business. Skillcast Serious Games was their ideal solution. Solution An online compliance ...

    Read More