How does GDPR compare to the previous directive?

The biggest change since the previous directive is the increased scope of the GDPR. This is because it applies to all companies regardless of their location in the Union.

Penalties are now increased and as stated previously, businesses can be fined up to 4% of annual global turnover OR £10-20 million. These are the maximum fines that can be made in regards to the most serious infringements, such as not having complete consent from a customer to process data.

The terms for consent have also been evaluated and strengthened, where companies will have to provide consent in a clear form and easy to access manner, rather than providing terms and conditions full of legalese.

Furthermore, GDPR includes a ‘right to be forgotten‘ policy, which supports the erasure of personal information. This can occur when an individual no longer wants their personal data to be held or processed, provided there are no legal reasons for keeping it.