The GDPR became enforceable on 25 May 2018. If the Regulation is breached, it allows for penalties which could result in fines of up to 4% of global turnover.
Despite Brexit, the GDPR still affects the UK. Every organisation processing personal data must implement safeguards against loss, theft and unauthorised access. Respect for privacy, security of data and awareness of breaches are key.
There is a duty to report a breach within 72 hours. If that breach potentially poses a high privacy risk, then affected individuals should also be advised of the data breach. This is a significant change from the old data protection regime in the UK.
The definition of personal data is wide and includes anything that could be used to identify an individual. This includes, for example, genetic data and even IP addresses. The GDPR is more robust than anything we have previously seen, with organisations now more accountable.
Further information and guidance are available on the Information Commissioner's Office website.