
What is GDPR?

The past twenty years have seen lots of changes in technology and in the way data can help consumers, so the European Union has refreshed the former law – the Data Protection Directive – with a more robust law, the General Data Protection Regulation (GDPR).

GDPR updates EU law to consider the internet, e-commerce, online advertising, and the increase in data-driven marketing. Many of the provisions of the prior law are restated in the GDPR, but now companies face tougher fines for non-compliance. The new Regulation also requires companies to report breaches to their regulators and often to consumers, and allows people to ask the companies they work for and do business with what they do with their data. Replacing the Data Protection Directive, GDPR is more an evolution of existing rules than a revolution, but it brings in important changes and reduces the number of country-specific laws that will be allowed. These changes have been introduced due to the changing nature of the world we live in, the volume and prevalence of data, and the value of personal data in an increasingly connected world.


With enforcement of the Regulation starting on 25 May, 2018, it’s important to know what this legislation specifically impacts. The scope of “personal data” is broad, ranging from online identifiers such as IP addresses to social identities, in addition to the usual names and contact information (both personal and work in the EU). Basically, GDPR will cover anything that can be traced back to you as a specific individual, aiming to better enforce the protection of personal data as a basic human right. It protects the data of EU residents – in fact, it is irrelevant where in the world a company collecting data is based, as long as it has EU customers. GDPR places a requirement on companies to “implement appropriate technical and organizational” measures to ensure the security of the personal data.

The Regulation requires companies to look at how they collect and store consumer data, keep records of certain kinds of consent, and be transparent about how they use personal data. The Regulation allows EU residents to ask companies questions about how their data was obtained, to opt out of marketing, and – in some cases – to ask that their data be deleted.

For further information please email or call 01908 302880

Equity & General Insurance Services Limited is directly authorised and regulated by the Financial Conduct Authority (No 474163).