EU GDPR rules celebrate five year milestone


It’s been five years since the European Union implemented the Global Data Protection Regulation, or GDPR, designed to protect the data rights of individuals.


The GDPR regulation replaced older data protection laws which were drawn up back in the 1990s, long before the age of ubiquitous smartphones in our lives and before e-commerce and social media played such a prominent role in everyone’s day-to-day lives.

Drawn-up by the European Union, the aim of the GDPR was to harmonise data laws across the member countries. If it now regarded as the world’s strongest set of rules regarding personal data and how companies use it.

There are seven key principles of the regulation, which are:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

In the UK, failure to comply with the principles may leave you open to substantial fines, according to the Information Commissioner’s Office.

It states that: “Article 83(5)(a) states that infringements of the basic principles for processing personal data are subject to the highest tier of administrative fines.

“This could mean a fine of up to £17.5 million, or 4% of your total worldwide annual turnover, whichever is higher.”

Last week Facebook owner Meta was fined a record €1.2 billion by Ireland’s data privacy regulator for ‘mishandling’ of personal data.

The global tech giant was also ordered to suspend the transfer of user data from the EU to the US.

In 2022, following the UK’s departure fro the European Union following the Brexit vote, lawmakers introduced a new bill, called the Data Protection and Digital Information Bill, which is the UK’s post-Brexit replacement for Europe’s GDPR data regime.

This alternative bill has already had its first reading, but must then pass through various parliamentary stages before it can be enacted.

These new UK data regulations aim to reduce annoying cookie pop ups, crackdown on nuisance calls with bigger fines and will contribute £4.7 billion to the UK economy over ten years the government claims.

However some have criticised the planned UK data regulations as being far worse than the existing GDPR.

In March 2023, Abigail Burke, Policy Manager at UK digital rights campaign body, the Open Rights Group, said: “It appears that the revised version of the Data Protection and Digital Information Bill will be worse than the last, posing an even greater threat to our privacy rights.

“The Government seems intent on undermining our ability to have control over our data, instead greatly expanding the power of businesses and government departments to collect, process and re-use our data in new ways.

“The UK has an opportunity to create a world-leading data protection law that puts people’s privacy rights at the fore, and aligns with our biggest markets. Instead, this appears to be an attempt to take power from citizens and give it to government.”