On 4th May 2016 a new General Data Protection Regulation was published in the Official Journal of the EU along with notice that it will come into effect on the 25th May 2018. It takes the form of a “Regulation” as opposed to the old “Directive” which means it has the power to impose fines and it applies to…
“Data controllers and processors outside the EU whose processing activities relate to the offering of goods or services (even if for free) to, or monitoring the behaviour (within the EU) of, EU data subjects”
So, if you hold or process information about any EU citizen then you will need to be compliant with these new regulations regardless of whether you are a European company or the outcomes of BRexit – any company in the world can be fined. It is very different to many existing data protection laws and contains many onerous obligations that will take time to prepare for.
This Sub-cluster of the Wales Cyber Security Clusters is open to those with a responsibility for ensuring an organisation's compliance with the new EU General Data Protection Regulation who want to share ideas, challenges and best practice in the run-up to the 2018 deadline.