A new data protection regime will take effect in the UK from 25 May 2018. The EU General Data Protection Regulation (GDPR) and replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
UK Steel members will need to comply with the GDPR, irrespective as to whether or not the UK retains the GDPR post-Brexit. If your activities are limited to the UK, then the position (after the initial exit period) is less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanisms. However, this is likely to follow the GDPR. Organisations found to be in non-compliance after 25 May will face heavy fines.
UK Steel has produced an overview of GDPR for members. Further information is available from EUGDPR.org and EEF.