GDPR – General Data Protection Regulation
The GDPR came into force in all EU Member States on 25 May 2018. It is arguably the toughest privacy law in the world and covers organisations everywhere that target or process the personal data of EU citizens. Fines can be up to €20m or 4% of global revenue – whichever is higher. The UK has its own version, known as UK GDPR, with the same key principles, rights and regulations, applicable from 1 January 2021.
DPA – Data Protection Authority
DPAs are independent public bodies which supervise and enforce the application of privacy laws including the GDPR. There is a DPA (also known as a supervisory authority) in each member state.
ICO – Information Commissioner’s Office
The UK’s DPA, or supervisory authority, promotes good practice in handling personal data and provides advice on data protection. The ICO can help to resolve disputes about whether an organisation has complied with the GDPR and take action to enforce compliance where appropriate.
DPO – Data Protection Officer
DPOs monitor internal compliance with the GDPR, advise on data protection obligations and act as a contact point for supervisory authorities. The GDPR requires certain organisations to appoint a DPO, but others can do so voluntarily as part of their commitment to good privacy compliance.