{"id":4204,"date":"2018-05-30T10:15:00","date_gmt":"2018-05-30T09:15:00","guid":{"rendered":"https:\/\/www.sage.com\/en-gb\/blog\/?p=4204"},"modified":"2026-01-29T10:37:20","modified_gmt":"2026-01-29T10:37:20","slug":"what-is-the-gdpr","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-gb\/blog\/what-is-the-gdpr\/","title":{"rendered":"What is the GDPR and what does it mean?"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\tStrategy, Legal & Operations<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t

\n\t\t\t\t\t\tWhat is the GDPR and what does it mean?\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t

\n\t\t
\n\t\t\t
\n\t
\n\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t
\n\t\t\t\n\t\t\t\t\"\"\t\t\t\tStacey McIntosh<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n

Have you got questions about the General Data Protection Regulation<\/a>, which came into force on 25 May 2018? Are people in your business asking “what is the GDPR” or “what does the GDPR<\/a> mean for our company”? To answer those questions and more, we have put some answers together to help your business with the legislation.<\/p>\n\n\n\n

What is the GDPR?<\/strong><\/h2>\n\n\n\n

The General Data Protection Regulation (GDPR) is the European Union\u2019s new data protection legislation, which replaced the EU Data Protection Directive.<\/p>\n\n\n\n

The EU has worked on bringing data protection legislation in line with how data is used today. For example, the internet and social media didn\u2019t have as big as an effect on personal data as they did when the current legislation was brought in. The new legislation will reflect this.<\/p>\n\n\n\n

What does the GDPR mean?<\/strong><\/h2>\n\n\n\n

The GDPR<\/a> means individuals will have more say over what businesses and organisations can do with their personal data. There are tougher fines for those businesses that don\u2019t comply with GDPR or don\u2019t report data breaches.<\/p>\n\n\n\n

Those fines could be as much as 4% of annual turnover or \u20ac20m, whichever is greater. In the UK, the Information Commissioner\u2019s Office (ICO) will be tasked with investigating data breaches or wrongdoings as far as the GDPR is concerned. It will also potentially issue fines.<\/p>\n\n\n\n

What is the Data Protection Bill?<\/strong><\/h2>\n\n\n\n

The Data Protection Bill is the UK government\u2019s new data protection legislation and it was published on 13 September 2017. It will implement most of the GDPR legislation into UK law once it\u2019s been passed by Parliament.<\/p>\n\n\n\n

The bill is currently making its way through the House of Commons and House of Lords and they need to approve any amendments before the bill can become an Act of Parliament. Once passed, the Data Protection Bill will replace the Data Protection Act 1998.<\/p>\n\n\n\n

As an EU piece of legislation, the GDPR\u2019s data protection rules will be harmonised across the EU \u2013 although there is some flexibility on how countries implement GDPR, which is where the UK government comes in with the Data Protection Bill.<\/p>\n\n\n\n

What does GDPR stand for?<\/strong><\/h2>\n\n\n\n

GDPR stands for General Data Protection Regulation.<\/p>\n\n\n\n

When does the GDPR come into force?<\/strong><\/h2>\n\n\n\n

On 25 May 2018, the GDPR came into force across all EU member states.<\/p>\n\n\n\n

The GDPR was approved by the EU Parliament on 14 April 2016, following four years of preparation and debate. That approval required the EU member states to agree to the final text of the new legislation. However, businesses were given two years \u2013 until 25 May 2018 \u2013 to prepare for the changes. And from that date onwards, GDPR must be put into practice.<\/p>\n\n\n\n

According to research undertaken by Sage (as part of our GDPR customer survey in October 2017, which featured 100 respondents), 57% of UK business lack awareness of GDPR, while 60% didn’t know what it meant for their business.<\/p>\n\n\n\n

Will GDPR affect my business?<\/strong><\/h2>\n\n\n\n

In a word, yes. Even if your business is completely au fait with the Data Protection Act 1998, the requirements of the GDPR surpass it, so you’d still have to take the necessary steps to be compliant.<\/p>\n\n\n\n

\n
<\/video><\/div><\/div>\n<\/div><\/figure>\n\n\n\n

What is a data controller?<\/strong><\/h2>\n\n\n\n

The person, public authority, agency or other body who, alone or jointly with others, determines the purposes and means of the processing of personal data. If you are collecting personal data for your own use and purposes, you are the controller and fully liable for being compliant with the GDPR, including all security.<\/p>\n\n\n\n

What is a data processor?<\/strong><\/h2>\n\n\n\n

A person, public authority, agency or other body who processes personal data on behalf of a controller (other than employees of that controller). If you are processing personal data on behalf of another organisation, you are the processor and must only act on the instructions of the controller organisation. The GDPR now imposes direct obligations on data processors, not just data controllers.<\/p>\n\n\n\n

\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t

GDPR<\/h2>\n\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

<\/p>\n

Need help with meeting your GDPR obligations and making sure your businesses processes are working in the correct way? Here’s what you need to know.<\/p>\n

<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tFind out more<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\"Working\t\t\t<\/div>\n<\/div>\n\n\n\n

What is personal data?<\/strong><\/h2>\n\n\n\n

This includes but isn\u2019t limited to a name, an identification number, location data, or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.<\/p>\n\n\n\n

Three things your business should do now<\/strong><\/h2>\n\n\n\n

Our Sage Business Experts shared some useful tips as they were preparing for the GDPR, which you will find useful if you need help with the GDPR. Here\u2019s what they had to say:<\/p>\n\n\n\n

Nicky Larkin, founder and managing director of Goringe Accountants<\/a>: \u201cIf you realise GDPR is going to be a big requirement for your business \u2013 and obviously it\u2019s tight now because of the deadline \u2013 use an external consultant.\u201d<\/p>\n\n\n\n

Keith Tully, a partner at Real Business Rescue<\/a>: \u201cDon\u2019t panic. There is a wealth of information to help you and your business prepare, much of which is completely free.\u201d<\/p>\n\n\n\n

Steve Johnson, owner of Graphite Web Solutions: \u201cThe ICO website<\/a> has a great checklist for data controllers that should help businesses step through the questions you need to consider.\u201d<\/p>\n\n\n\n

Three articles you should read now on the GDPR<\/strong><\/h2>\n\n\n\n

We have written a series of articles that will help you and your business with the GDPR.<\/p>\n\n\n\n