The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018.

The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the GDPR will apply to the processing of personal data (information relating to an identified or identifiable natural person); processing includes the collection, recording, storage and structuring of that data or other operations performed with respect to it. However, one of the principal differences under the new regime relates to its extra territorial application.

In a recent Steptoe update, we therefore seek to address the questions of whether the GDPR will apply to your organization and, if so, what immediate steps need to be taken to ensure compliance.