Compared to the current Data Protection Act the the GDPR increases the scope of data protection and provides much tougher punishments for those who fail to comply with new rules around the storage and handling of personal data.

“In the modern economy, data has huge value and its innovative use leads to better services and more productive businesses,” says Tom Thackray, CBI Innovation Director, “but firms know that this ability to innovate is dependent on customers having confidence that their information is well protected. This legislation strikes the right balance in improving standards of protection while still enabling businesses to explore new products and services.”

The GDPR will be enforced from 25 May 2018. The Regulation extends the data rights of individuals, and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures.

Penalties for infringement can be up to 4% of turnover or €20 million whichever is the greater.