"If we're leaving the EU, does GDPR even matter?" And other FAQs

Microsoft and Tech Data help you and your customers to cut through the surplus of GDPR jargon and address the most prevalent issues of public concern head on.

While GDPR was devised and published in 2016, regulatory conduct in the UK still abides by the 1998 Data Protection Act 1998, while other members of the EU still abide by the 1995 EU Data Protection Directive. On 25 May 2018, GDPR will come into immediate effect, superseding all the data laws of old.

Concern surrounding the complexities of GDPR continues to grow, and while many are not wrong in believing that they have a significant transitionary period immediately ahead of them, they needn’t be intimidated by it.

Microsoft and Tech Data are committed to guiding you through this impending change using both our expertise across data and compliance, and the far-stretching capabilities of the Microsoft suite. We address the concerns surrounding this legislatory sea change below, so you can be in the position to help your customers prepare for the new law.

We hope this piece has worked to cover any areas of concern you may have had surrounding GDPR that weren’t covered in our initial ‘need-to-know’ blog.


  • GDPR is enforced by the Information Commissioner’s Office (ICO), who will essentially be doing what it always has done, only with bigger potential fines (up to 4% of global turnover or €20 million, whichever is greater).
  • These data laws go much wider than the UK and its EU membership status. Any business that sells to the EU will need to meet GDPR regulations. Those that don’t risk being sanctioned.
  • Businesses that transfer data to countries outside of the EU may need to set up or adhere to a specific legal mechanism or contract.
  • In the event of a personal data breach, the GDPR requires notice to regulators within 72 hours of detecting it. Individuals may have to be notified if there is a risk of harm.

Visit the Microsoft hub