It has been nearly 18 months since the General Data Protection Regulation came into force. But are you still not sure what this means for you?

If you use, manage or store data then GDPR applies to you.


GDPR applies specifically to “processors” and “controllers”. So, how is each role defined?


Well, a “processor” is the responsible party for processing personal data on behalf of a controller. Meanwhile, a “controller” determines the purposes and means of processing personal data.


GDPR places specific legal obligations on any “processor”. If you are the processor, you are required to maintain records of all personal data and of all processing activities carried out on that data. If a breach occurs in relation to this data, you and your company or organisation may be held accountable under GDPR.


If you are a “controller”, you have ULTIMATE responsibility: it is your obligation to oversee data processing, to ensure that all processes and policies relating to GDPR are followed, and that your company or organisation fully complies.


GDPR also applies to organisations outside the EU that trade with, wish to trade with, or provide services to companies, organisations or people within the EU.

GDPR applies to both “Personal data” and “Sensitive personal data”.


The GDPR sets out data protection principles that define the responsibilities of organisations.


Companies that breach GDPR rules could be in for very large penalties. How much then?


Fines of up to 20 million Euros or 4% of the turnover of a company/organisation (whichever is the higher amount!). Failure to comply with the regulation after 25th May 2018 can result in significant fines and criminal prosecution.


Do not share any data with any third party without express written consent from the data subject (Individual/Company)! They must be fully aware of how you handle and manage their data, and they must opt in!