Introduced against the backdrop of the Facebook-Cambridge Analytica scandal, the GDPR concerns data protection and privacy for all individuals within the European Union (EU) and the wider European Economic Area (EEA).
It is designed to give individuals more control over the handling of their personal information and not only imposes strict rules on the processing of data within the EU but also addresses the transfer of personal data outside of the EU and EEA.
No significant fines or sanctions have yet been imposed in the UK on any organisation for breaching the GDPR. However, the ruling in the recent ‘Morrisons case’ suggests a new trajectory for cases involving breaches of personal data and provides an insight into the types of claims that may become commonplace.
via Morrisons Data Breach: A Word Of Warning For Employers – Data Protection – European Union.