Recent months have seen a barrage of information being published about how the EU’s new data protection directive, the General Data Protection Regulation (GDPR), will affect both organisations and individuals. While the threat of hefty fines in case of a breach may send you desperately dashing through the minefield of information to understand what’s involved before the legislation comes into effect, we’ve simplified the basics as a starting point to get you on the path to compliance.


The General Data Protection Regulation, or GDPR for short, comes into effect on 25th May 2018 and applies to all EU markets, including the UK, despite Brexit.


The legislation will affect both organisations and individuals, extending the parameters of the UK Data Protection Act 1998, placing a greater emphasis on accountability.


The GDPR takes current data protection laws even further, with a greater emphasis on accountability, and greater penalties in case of breaches. It covers personal data and sensitive personal data obtained and held by individuals and organisations, though these categories are far more defined than they have been in previous legislation. For example, under the GDPR even an IP address is classed as an online identifier and therefore comes under the remit of personal data.

The regulation focusses on “controllers” (those who decide how and why personal data is processed) and “processors” (who act on the controller’s behalf and actually carry out the data processing), and highlights the roles and responsibilities of each.


The last EU Directive covering data security was in 1995. With the explosion of technology and its use in everyday life, the Directive simply was not equipped to deal with modern data protection issues. The GDPR also provides a uniform set of regulations across the EU to ensure that every individual and organisation is entitled to the same rights and adheres to the same laws.


Now you understand the basics, the next question that springs to mind is How?  We’ve established the importance of compliance, especially with such substantial financial penalties, so we decided it deserved a post all to itself. Watch out for our follow-up blog post, GDPR: The How, with a checklist of things to consider to get on track for GDPR compliance in May.

KMB Shipping has 30 years’ experience in delivering our full range of shipping services to over 70 different countries, to a growing international client list. As members of BIFA, we offer a flexible and fully tailored service, managing the whole shipping process for you from initial phone call to safe delivery. Contact our professional, friendly and highly experienced team today to discuss how we can accommodate your shipping requirements.

Sources: ICO, NCC Group, CIO, PwC