The General Data Protection Regulation has applied in the UK since 25th May 2018, when it superseded the Data Protection Act 1998.
GDPR places a new range of obligations on organisations, in order to increase accountability for data protection. In addition, GDPR has introduced significant penalties for organisations that fail to comply with the rules, and for those that suffer data breaches.
One of the Data Protection Principles required by the Regulation is for organisations to ensure appropriate security, integrity and confidentiality.
To show compliance with GDPR, organisations must be able to demonstrate that they have implemented appropriate measures to secure personal data.
An additional requirement of GDPR is for organisations to secure personal data against unauthorised processing and against accidental loss, destruction or damage.