GDPR and the Key Players Leading the Change

The General Data Protection Regulation is the biggest change to data protection in over twenty years. Coming into force on the 25th of May, and potentially bringing business crippling fines GDPR is an important topic.

As a Microsoft Partner with a strong security conscience, we are ISO 27001 certified. We have kept a watchful eye on all things GDPR and are running a content series to share what we have learnt. We have had BSI into our HQ to educate our team on GDPR and this week marks our first content release.

What you can expect from our GDPR series:

  •  GDPR and the Key players leading the change
  •  GDPR, what the changes will mean to you
  •  Introducing our GDPR tool, how it can increase your compliance

Week commencing 16th  of April – GDPR webinar – showcasing our GDPR tool, automate your obligations.

 >>     Webinar showcasing GDPR tool Thursday 19th of April 14:00 – 14:30 – Register for your place here.    <<


Who are the Key players in GDPR?                                                                             

The Trialogue –

The European Commission

The EU Council

The European Parliament

The European Commission is the EU’s politically independent executive arm. It alone is responsible for drawing up proposals for new European legislation, and it implements the decisions of the European Parliament and the Council of the EU. It’s member are a team or ‘college’ of commissioners, one from each EU country, and is based in Brussels, Belgium.

The Commissions role is to promote the general interests of the EU by proposing and enforcing legislation as well as by implementing policies and the EU budget.

The European Parliament is the EU’s law-making body. It is directly elected by EU voters every 5 years. The last elections were in May 2014. It currently has 751 MEPs and has locations in Strasbourg, Brussels and Luxembourg. Germany currently has the most MEPs at 96.

The three main roles of the European Parliament include;

  1. Legislative. Passing EU laws, together with the Council of the EU, based on European Commission proposals, international agreements, deciding on enlargements and reviewing the commission’s work programme.
  2. Supervisory. Democratic scrutiny of all EU institutions. Electing the Commission President and approving the Commission as a body. Along with questioning Commission and Council and election observations
  3. Budgetary. Establishing the EU budget, together with the Council and approving the EU’s long-term budget, the ‘Multiannual Financial Framework’.

The European Council brings together EU leaders to set the EU’s political agenda. It represents the highest level of political cooperation between EU countries. Its members are the heads of state or government of EU countries, the European Commission’s president, high representatives for foreign affairs and security policy. One of the EU’s 7 official institutions, the Council takes the form of summit meetings between EU leaders, chaired by a permanent president.

Their collective goals and why

The GDPR is not designed to bring a radical overhaul of the data protection law, rather an enhancement of the existing law. The UK Data Protection Act is being evolved to be inline with GDPR

The data protection law came into force in 1995 when the internet was in its preliminary stages. Now our Digital DNA is everywhere we go it is vital we protect our data. Different countries interpreted the data protection act differently, GDPR aims to bring a unified set of requirements.

This will give us:

  • Consistency of interpretation and enforcement
  • Ensure a high Data Protection across the industry
  • Reinforce individuals rights – privacy by design and by default
  • Strengthen the EU internal marketing through new, clear and robust rules for the free movement of data.
  • Improved data protection standards.

The GDPR will remove any ambiguity within the EU, as 28 laws become 1.

Once the GDPR goes live the new ‘European Data Protection Board’ (EDPB) will replace the Article 29 Working Party.


The UK government have confirmed that the UK will be implementing the General Data Protection Regulation (GDPR). The Secretary of State said:

‘We will be members of the EU in 2018, and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection, while maintaining high levels of protection for members of the public.’

It’s clear the GDPR is something we all need to start preparing for. Brexit or not we need to all be compliant by the 25th of May.

Next week in the GDPR series we will delve into the specific pain points GDPR may bring to your organisation and discuss how to overcome them.

If you would like to download ‘GDPR and Microsoft 365 streamline your path to compliance’ eBook, click here.


If  you would like to know more about the training course we completed with BSI you can find it here.