Are you ready for GDPR?

GDPR – General Data Protection Regulation

What is GDPR?

GDPR (General Data Protection Regulation), also known as ‘EU 2016/679’, is an update to the current data protection directive, which is now somewhat outdated. The existing directive came into effect in 1995 and was labelled 95/46/EC.

  • It is quite simply a regulation enforced by the European Parliament on EU (European Union) member states for the handling of data. It also applies to those who process the data of individuals who are based within the EU.
  • The new ‘EU 2016/679’ regulation was first published in the EU Official Journal on 4th May 2016, and 20 days later it entered into force. The applicable date whereby the regulation takes over from its predecessor is 25th May 2018.
  • Due to GDPR being a “Regulation” and not a directive, provisions are directly applicable in EU member states and they will not need to translate it into their own laws.
  • This regulation has gone through four years of preparation and debate before it was finally approved by the European Parliament.
  • Organisations that have not adopted the new GDPR or are still in a non-compliant state will face heavy fines.
  • Due to its ‘extra-territorial scope’, all jurisdictions have to understand, and comply with, GDPR if they wish to do business with EU member states. These territories will need to become GDPR equivalent.

Looking for our GDPR training & consultancy services?

Please head over to our services section below.

What are its objectives?

The GDPR’s primary objectives are:

  • Give EU Citizens back control of their personal data
  • Simplify the regulatory environment for international business by unifying it

To achieve this, the new regulation has to heavily account for “the internet” and the way we use handheld devices – as back when 95/46/EC was written the internet was in its infancy.

The regulation does not apply to B2B – it is for the individual.

Who will GDPR apply to?

The definitive list is quite simple:

  • Controllers or processors established in the EU
  • Controllers or processors not established in the EU but offering goods or services to clients within the EU
  • Any businesses wishing to do business with a ‘data subject’ (individual) who is based in the EU

Guernsey’s approach to GDPR

Falling under the “extra-territorial scope”, Guernsey does need to act to ensure we are able to continue working with EU businesses & individuals. To achieve this, the States of Guernsey (SoG) are currently finalising their own equivalent version of the GDPR, The Data Protection (Bailiwick of Guernsey) Law 2017. Jersey are also following the same course of action.

Achieving equivalence is important, as otherwise the islands face being blacklisted by the EU. So this proactive approach by the SoG is welcomed. The islands have had a high level of engagement with the EU in order to ensure our approved status remains unchanged.

The Guernsey law will be heavily based on the EU version; therefore, until a final version is released, it would be good practice to align your business procedures to the EU GDPR.

Our GDPR services

See the links below to quickly navigate our GDPR services. If you need any further help, or can't find what you are looking for, please fill out the form below.
Or call us on 01481 730733 (Monday to Friday, 9am - 5pm).

GDPR Health Check

Our GDPR Health Check is a first step for businesses who are unsure where they may need help with data protection.

GDPR Training

Midshore’s Data Protection & GDPR training ranges from simple awareness all the way to our Certificate in Data Protection.

GDPR Consultancy

Find out more about our consultancy services here, including outsourced data protection officers.