
    General Data Protection Regulation – Just an EU Thing – Right?

    Published on 20 Apr 2018 by Martin Schofield

    GDPR applies to all EU member states. What is different about the way the General Data Protection Regulation (GDPR) is implemented within the member states is that, unlike the 1995 Directive, the GDPR is not a Directive, guidance or best practice, but an actual EU-wide Regulation. This means that the GDPR is enacted across all of the EU member states, from the same date and in the same way that it was written and issued by the EU. The GDPR did not require adaptation and transposition into member state law; it is member state law.

    The reason behind the GDPR

    Part of the reason behind the GDPR was the need to harmonise data protection controls across the EU, as well as to bring the EU’s data protection legislation up to date with the way in which the EU and the world operate, interact, conduct business and communicate. In today’s world, with in excess of 2 billion Facebook users alone, it is hard to imagine that when the previous data protection legislation was enacted in 1995, it is estimated that less than 1% of the population had access to the internet, and that social media sites such as Explorer, Facebook, eBay and Amazon didn’t even exist!

    It is clear that the previous legislation did not adequately or specifically provide protection for data used and communicated in today’s world, hence the need for the change and the GDPR.

    So, does it all just impact the EU then? Or does this piece of EU Regulation carry force and impact around the world? Article 3 of the GDPR details the territorial scope of the regulation as being “the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not”, and “applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union or the monitoring of their behaviour as far as their behaviour takes place within the Union”.

    So, to clarify, whether the data subject is in the EU, or the processing of data runs in or through the EU, GDPR will apply. However, one might ask: if a controller or processor is not physically located within the EU, how can they be penalised if they breach? It is a question I am sure is on the lips of a lot of non-EU controllers and processors, given the increased level of fines that can now be made.

    In short, the answer is that such firms can still be penalised. Even though they may be physically located outside of the EU, to operate inside the EU, or to process the data of an EU citizen, the data controller or processor must still, according to Article 27 of the GDPR, designate a representative who shall act as a contact point for the processor or controller with, for example, the relevant supervisory authority.

    Therefore, whilst this is an EU-based regulation, the consequences of getting it wrong could impact organisations anywhere in the world that wish to trade in, with or through the EU.

    With regard to the UK specifically and Brexit, the UK has made it clear that Brexit will not impact on the implementation of the GDPR and that indeed, if the UK wishes to trade with the EU and the world post-Brexit, it will have to align itself to the data protection laws under which every other country operates.

