General Data Protection Regulation (GDPR) 2018

This month’s SWCSC featured a talk from Nathan Heyes about GDPR 2018.

Illustration showing key elements of GDPR – DPOs, Compliance, Data Breaches and Personal Data


  • Implementation date: 25 May 2018
  • Is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
  • To comply with one version (UK or EU) is to comply with both. So, you are compliant to GDPR if you comply with either the UK or EU version.
  • You must be aware of any changes (e.g. Brexit) to remain compliant.
  • All UK companies should now be compliant to EU GDPR.

EU Representative Requirements

  • You are required to have an EU representative if your company’s products or services are targeting EU citizens.
  • Targeting is the most important part
    • It does not necessarily mean that your website is targeting EU citizens
    • Unless your website uses .eu domain instead of domain, then there is a need for an EU representative