GDPR. The clock is ticking: a tough new take on data protection is fast approaching
With effect from 25 May 2018—in other words, less than a year away—your business is exposed to a new regulatory regime backed by hefty fines. And by ‘hefty’, we’re talking fines of the higher of either €20 million, or 4% of annual worldwide sales revenues.
The regulatory regime in question? The new EU-wide General Data Protection Regulation (GDPR)— the biggest change to data protection law for a generation—which imposes even stricter data protection requirements on businesses, and a far tougher penalty regime.
And don’t imagine that Brexit will remove the need for compliance. For one thing, the UK is not due to leave the EU until March 2019 (after the GDPR has come in force) and, for another, the government has indicated that it will adopt the GDPR.
In other words, the GDPR—and its tough new penalties for non-compliance—is coming. And businesses had better be prepared.
What does the Regulation call for?
For most businesses, the problem posed by the GDPR is that it is a radical departure from existing data protection requirements in two key areas.
First, it gives additional rights to individuals whose data is held by businesses. And second, it imposes a significant number of new obligations on businesses.
Which rights? What obligations? Essentially, these stem from the GDPR’s guiding principles:
- Individuals will have a ‘right to be forgotten’
- Individuals must have easier access to their own data
- Individuals may need to give explicit permission for their data to be processed
- Individuals may need to be told about data breaches
- Individuals will have the right to ask for their data in portable, electronic format
All of which, we would suggest, will certainly give pause to businesses accustomed to the established regime of the UK’s existing Data Protection Act.
A very different approach
What will it mean in practice? Much of the coverage that we have seen of the GDPR in the press, while not exactly wrong, seems to us to miss some important aspects of the GDPR.
Yes, if a breach of sensitive data occurs (or is suspected), then businesses must quickly notify all the individuals concerned. Yes, businesses will have to clamp down on the practice of personal data being held on theft-prone laptops and USB drives. And yes, businesses will need to make greater use of encryption.
But more fundamentally, many businesses will need to make significant changes to the way that they collect, record and handle personal data. And the impact of these changes will need to be understood right across the business, and in particular by those (in marketing, human resources, sales, and IT) whose role embraces dealing with personal data.
What’s more, from a legal point of view, a great many documents, statements and contracts will need to be re-drafted.
Privacy policies and statements, for instance, will have to set out—very specifically—how and why the business holds personal data, for how long, and how the business will implement new rights such as the ‘right to be forgotten’.
Should your business engage another business to handle individuals’ personal data on its behalf—whether for payroll purposes, market research purposes, or other purposes—then the relevant contract will need to be rewritten to make explicit reference to the requirements of the GDPR in areas such as businesses’ obligations in terms of confidentiality.
And many businesses will need to keep a register of all the personal data that they handle, together with details of why they hold it, for how long they intend to hold it, and with whom it will be shared.
What to do?
In short, there’s a lot to do—and the time available in which to do it is getting short. Put another way, a tough new regulatory regime, backed by hefty fines, is just months away from impacting your business.
There are decisions to make, policies to put in place, contracts to renegotiate, and employees to train and re-educate.
Here at The Legal Director, we can help—not least by providing legal advice on how best to approach GDPR compliance.
So to start the conversation, pick up the phone, or email firstname.lastname@example.org
Posted Wednesday, September 6th, 2017 by Warren RylandTweet
Other Articles In This Category
- Protecting the value of your newly-acquired businesses can be a challenge
Buying a business is exhilarating. Hard work, to be sure - but undeniably exciting, and with a rich sense of the opportunities that lie ahead. So perhaps... read more
2nd of October 2017 by Warren Ryland
- Persons of Significant Control: important changes to reporting requirements
It’s barely a year since the introduction of the PSC regime - and already, the compliance requirement has been tightened. And at a time when many businesses... read more
23rd of June 2017 by Warren Ryland
- Avoiding conflict when forming a business: probing questions for potential partners
Every year, several hundred thousand new businesses are created. In 2015, according to the Office for National Statistics, the total was 383,000—the highest... read more
28th of April 2017 by Warren Ryland
- Is your business at risk from the Uber decision? Why your self-employed contractors could really be employees
Fuelled by companies such as ride-hailing business Uber and personal courier firm Deliveroo, the so-called ‘gig economy’ is on the rise. So much so,... read more
12th of January 2017 by Warren Ryland
- The Legal Director - Commended for Innovation in the FT Innovative European Lawyers awards
Law firm The Legal Director (TLD) has been commended in the FT Innovative European Lawyers awards, which were announced at the beginning of this month. TLD ranked... read more
28th of October 2016 by Warren Ryland
- Debt versus Equity - Financing for SMEs
The need for additional finance is often the price of success for small to medium-sized enterprises (SMEs) that are looking to grow. The question that faces the... read more
14th of October 2016 by Warren Ryland
- The deceptive complexity of the Modern Slavery Act
At the end of July, Prime Minister Theresa May launched a cabinet-level government taskforce to eradicate modern slavery in the UK. It was, she said, “one of... read more
31st of August 2016 by Warren Ryland
- How our clients will benefit from the Bar Council's escrow account
Outside the narrow realms of consumer technology, there’s often an inevitable trade-off between cost and quality. In other words, you can have something at... read more
7th of July 2016 by Warren Ryland
- As the net starts to close, the Bribery Act prosecutions begin
As we have written before, the Bribery Act 2010 is a law with undoubted teeth. Fines are potentially unlimited, and custodial sentences can be up to ten... read more
1st of May 2016 by Warren Ryland
- New rules on shareholder identification are now in force
New rules on shareholder identification are now in force - and yet many businesses aren’t aware of them. Does your business have corporate or nominee... read more
12th of April 2016 by Warren Ryland
- First SRA-regulated law firm signs up to Bar Council's escrow account
PRESS RELEASE: The Legal Director has become the first law firm regulated by the Solicitors Regulation Authority (SRA) to sign up to the Bar Council’s... read more
31st of March 2016 by Warren Ryland
- Trade marks: the 3 biggest mistakes to avoid
Wander around a supermarket, or browse the advertisements in newspapers and magazines, and you’ll see trade marks everywhere. And it’s likely, too, that... read more
29th of February 2016 by Warren Ryland
- Avoiding flexible working's hidden pitfalls
You don’t have to look too far to see that traditional modes of employment are increasingly giving way to more flexible working arrangements. Returnee... read more
9th of November 2015 by Warren Ryland
- Are you paying your workers the right amount of holiday pay?
A recent ruling by an Employment Appeal Tribunal is set to cause many businesses a headache. Quite an expensive headache, at that. Simply put, it means that... read more
15th of July 2015 by Warren Ryland
- The Bribery Act 2010: are you running a risk of breaking the law?
To see the difficulties that businesses can get into through bribery - or even allegations of bribery - look no further than the reputational damage suffered... read more
11th of June 2015 by Warren Ryland
- It's official: "Lawyers are not cost-effective"
Imagine, for a moment, that when faced with a serious illness, significant numbers of people took no action. And of those who did take action, around... read more
20th of January 2015 by Warren Ryland
- Could a Shareholder Agreement save your business?
Here at The Legal Director, we’ve recently come across a business where the two co-founders have fallen out -- one is now leaving, in order to set up on his... read more
1st of December 2014 by Warren Ryland
- The high-fee culture that's hobbling British business
Another week, and yet another critical item in the press on the cost of obtaining corporate legal advice. And to be sure, it’s certainly a fairly open goal at... read more
11th of November 2014 by Warren Ryland
- Is crowdfunding the answer to your business's financing challenge?
As the credit crunch and ensuing recession of 2008 began to bite, lending to businesses dried up. To their shock, even long-established, profitable businesses... read more
2nd of September 2014 by Warren Ryland
- Complying with the Data Protection Act: 3 business bear-traps awaiting the unwary
Visit the website of the Information Commissioner’s Office, and there’s an interesting section entitled ‘Enforcement’. In it, the... read more
1st of September 2014 by Warren Ryland
- What might a Legal Audit reveal about your business?
When we start working with a business we assess their existing legal arrangements to determine how these can be improved and aligned with commercial objectives. We... read more
9th of July 2014 by Warren Ryland