Today the General Data Protection Regulation (GDPR) comes into effect in the European Union.

The new law aims to provide clarity and consistency across the EU and make it simpler to do business in the EU. From today, data protection authorities will be enforcing the new law though it remains to be seen how active that enforcement is. Elizabeth Denham, the UK Information Commissioner, told BBC Radio 4's Today programme this morning that small businesses which did not make extensive use of customer data would not come under close scrutiny. Instead, the focus would be on big companies - particularly those in the technology sector - that "deliberately, persistently or negligently misuse data”.

Complaints have already been filed against Facebook, Google, Instagram and WhatsApp within hours of GDPR taking effect with the companies being accused of forcing users to consent to targeted advertising to use their services.

The BBC also reported that a number of prominent US newspapers are currently unavailable in Europe as a result of GDPR coming into effect including the New York Daily News, Chicago Tribune, LA Times, Orlando Sentinel and Baltimore Sun.

GDPR replaces the European Data Protection Directive 95/46/EC and establishes a single set of rules on data protection for the 28 Member States of the EU. Any organisation that handles the personal data of EU citizens is affected. The UK government has confirmed that it will continue to observe the principles of GDPR even after it leaves the EU.

It is not just businesses that are physically located within the EU that will have to comply with GDPR. Any company established outside of the EU but offering goods or services to customers within the EU, or monitoring the behaviour of EU citizens, will have to apply the same rules.

Fiona Coombe, Director of Legal and Regulatory Research, Staffing Industry Analysts, recently wrote a column in Staffing Industry Review on GDPR. In it she mentioned how GDPR affects staffing firms.

“Staffing companies that recruit or supply staff from the EU, or that collect personal data relating to an identified or identifiable individual (data subjects) within the EU, must comply with the GDPR — regardless of where they themselves are based,” Coombe wrote.

For more on GDPR, refer to Staffing Industry Analyst’s Implementing GDPR: A Guide available to our research subscribers.