The long-awaited General Data Protection Regulation (GDPR) of the EU was provisionally agreed in December 2015.[1] The final details are still being ironed out, but publication of the final version of the regulation is expected around July 2016.[2] There will then be a two-year waiting period until every organisation that does business in, or with, the EU must comply with the regulation. Since it is a regulation, not a directive, compliance is mandatory, without the need for each member state to ratify it into its own legislation. The GDPR expands the scope of data protection so that it applies to anyone or any organisation that collects and processes information related to EU citizens, no matter where they are based or where the data is stored. Colin Tankard of Digital Pathways examines what effect the new regulation is likely to have on organisations. © 2016 Elsevier Ltd