GDPR: What will happen on May 25 2018?

It has been described as D-Day for data protection law in Europe.

On May 25 2018 the GDPR will apply in all Member States and globally to all companies and organisations that offer goods and services to individuals in the EU. And this time there is no fooling around.  

GDPR is here

The GDPR was published by the European Parliament on 4 May 2016. Unbeknownst to most people it came into force just twenty days later but the introduction was followed by a so called two-year grace period. Effectively, companies were given an opportunity to prepare for the GDPR. However, one has to wonder if some decided to push the objective of compliance as far into the future as possible. One year’s time has passed and many companies may start to feel like that D-Day is moving closer at a rapid pace.

Comply with the GDPR

When owners and employees working at MSPs wake on a that fateful spring morning, it might be wise to keep in mind a list of initiatives that should be started up immediately to comply with the GDPR. For instance:

– MSPs that use consent as their primary legal basis for processing personal data, should be aware that the standards for consent have been considerably heightened under the GDPR compared to the Data Protection Act. Companies need to review their consent mechanisms to make sure that they meet the requirements of the GDPR.  

– Privacy Impact Assessments. Shortened PIAs and a concept that companies might as well familiarize themselves with. Under the GDPR, companies are required to conduct privacy impact assessments any time they launch a project that implies an increased risk of personal data breaches or leaks. As projects progress, companies need to stay in compliance with the DGPR.   

– EU Member States have represented a variety of different data breach notification laws, but that is about to change under the GDPR. The GDPR wants to harmonise data breach notification laws by requiring that companies and organisations notify their national data protection authorities within 72 hours of discovering a data breach. Companies need to ensure that they have the necessary technology and working methods to identify breaches and notify the relevant authorities.   

Companies that are yet to begin their preparation for the GDPR, will have plenty of work on their hands in the upcoming 12 months.

From May 25 2018 the GDPR is reality all over the EU. How will you prepare for it? 


Three highlights:


– The GDPR was published by the EU Parliament on 4 May 2016. After a two-year grace period, it will be enforced on May 25 2018.


– Companies are expected to be in compliance by the end of May next year.


– Privacy Impact Assessments and harmonised breach notification laws are two key issues that companies should be ready for from May 25.