5th June 2017
GDPR is the EU’s General Data Protection Regulation which will replace current data protection laws with effect from 25th May 2018. The countdown has started and, irrespective of Brexit, UK businesses must now prepare to comply with GDPR by next May’s deadline - there is much to do. MSI's Northern UK law member Myerson explains further.
The EU Regulation is a response to advances in technology, the way businesses use technology and data, and the consequential privacy risks for consumers and employees. The new law represents the biggest shake-up in the data protection arena in 20 years, introducing stringent compliance requirements and tough penalties in the event of breach of data protection principles.
The Information Commissioner’s Office (ICO), the public body in the UK with responsibility for taking enforcement action in relation to data protection matters, has demonstrated an increased appetite for enforcement action under current laws, recently issuing significant fines and naming and shaming well-known charities (Oxfam, Cancer Research UK, British Legion) and other household names, such as Honda and Flybe. The ICO’s enforcement powers under GDPR will include powers to ban or suspend data processing, potentially at great cost and inconvenience, and the power to issue graduated fines for infringement of up to EUR 20 million or 4% of global turnover, whichever is the higher. Under current laws, fines are capped at £500,000.
Individuals’ rights are also bolstered by GDPR, with individuals being able to bring civil claims, either alone or as part of a class action, in the event of a data breach. Under current laws individuals cannot bring standalone claims for distress or hurt feelings and so claims are rare – this is likely to change following GDPR. The biggest challenge for businesses will be updating their approach to data protection compliance to take account of the more stringent regime and to avoid enforcement action, fines and reputational damage. GDPR is also an opportunity for businesses to secure a competitive edge by demonstrating intelligent data handling and protection to match future consumer expectations.
Jo Henderson, Partner in Myerson Solicitors’ Compliance Team, commented: “Businesses can no longer afford to ignore data protection and will need to up their game in relation to compliance. Although many core principles under the new law are familiar, current business practices and procedures will not be adequate to demonstrate GDPR compliance.” Jo also explained that “GDPR introduces new mandatory requirements for some businesses such as maintaining Data Processing Records, appointing a Data Protection Officer and conducting Data Protection Impact Assessments. We are advising clients to review and update their processes and procedures accordingly and as soon as possible”.
Myerson was founded in Manchester, Cheshire over 30 years ago and is a leading, full service commercial and private client law firm providing bespoke legal advice to businesses and affluent individuals across Manchester, Cheshire, the UK and beyond.