About GDPR

GDPR came into force on 25 May 2018, replacing the Data Protection Act (DPA) 1998. This was the biggest change to UK data protection laws in over twenty years:

• GDPR will harmonise data protection laws across the EU and will update the current regulations to take full account of globalisation and the ever-changing technology landscape

• GDPR will apply to any organisation processing the personal data of individuals in the EU in relation to offering goods and services, or else to monitor their behaviour

• Employers must make sure that personal data is processed lawfully for a specific purpose and deleted when that purpose is fulfilled

• Employers who breach GDPR could face significant penalties, including fines of up to €20 million or 4% of the business annual turnover, whichever is greater

GDPR builds on the Data Protection Act 1988, introducing new responsibilities for organisations and new rights for individual employees.

GDPR will continue to apply to UK businesses for now, regardless of Brexit. Organisations directing products and services at EU citizens may still have a legal requirement to comply with the GDPR after the UK leaves the EU.

Although IRIS Cascade cannot give you advice on processes and legal issues, we are building on our established data security strengths by providing:

• Supporting information and resources on the IRIS Cascade website, including hints and tips about how you could use your IRIS Cascade system to help you prepare for and manage GDPR.

• System functionality fully implemented before 25 May 2018, to help you comply with the new legislation. We will keep you informed about any significant system changes resulting from the GDPR legal requirements.

For more details, see GDPR compliance.