Adopted on 27 April 2016, the regulation will enter into application on 25 May 2018 after a two year transition period. The aim of the regulation is to provide a framework for the modern cyber-environment while being more relevant than the supplanted 1995 Data Protection Directive, which was designed at a time when the internet was in its infancy and data was treated very differently.
We launched our sector survey in Summer 2017, one year prior to the new regulations coming into effect. The survey was completed by 58 respondents in England and Wales, and of sizes varying from Registered Providers (RPs) of less than 1,000 units to those over 30,000. This provides a wide sample of the sector’s reaction to the regulations, and the varying approaches taken by those of different size and resources.