The General Data Protection Regulation was adopted by the European Parliament in April 2016 and comes
into force on the 25th May 2018.
The current UK Data Protection Act 1998 sets out how your personal information can be used by companies,
government, and organisations. GDPR changes how this personal data can be used and applies to both
personal data and sensitive personal data. Personal data, a complex category of information, broadly
means a piece of information that can be used to identify a person. Companies covered by the GDPR will
be more accountable for their handling of people's personal information, this means organisations
need to implement vigorous data protection policies and possess relevant documents on how data is
processed.
As well as putting new obligations on the companies and organisations collecting personal data, the GDPR
also gives individuals a more power to access the information that is held about them. One of the most
talked about elements of the GDPR is the power for regulators to fine businesses that do not comply with
it. GDPR states offences with serious consequences can have fines of up to €20 million or four percent
of a company's global turnover (whichever is greater).
GDPR will have a varying impact on businesses and organisations, to help prepare for the start of GDPR,
certain steps such as making senior business leaders aware of the regulation, determining which
information is held, updating procedures around subject access requests, and what should happen in the
event of a data breach must be implemented.
Our GDPR Related Policies
The following policies cover how In The Footsteps cover the requirements of GDPR and related requirements:
Return to previous page
Page last updated: 22 April 2022