The GDPR is intended to replace the Data Protection Directive which was incorporated in to UK Law as the Data Protection Act 1998.
The new European Regulations are expected to come in to force in 2018 and will unify Data Protection across the 28 member states, replacing domestic legislation enacted by individual member states to implement the original directive.
It’s reported that the new General Data Protection Regulations will increase the penalties for companies who don’t comply to €20m or 4% of annual worldwide turnover for groups of companies, whichever is greater.
The requirements are also expected to focus on “Monitoring Behaviour” where companies, technology and services track users’ online activities. This will particualy affect cloud based services which makes for an interesting political situation with the America following the recent judgement that invalidated the SafeHarbour Agreement between the EU and USA.
A ‘Right to be Forgotten’ is also reported to form part of the regulations, a subject that has been widely debated in recent times.