GDPR: Are you ready?

Apr 20, 2017

Cast your mind back to 1995.  John Major is the Conservative Prime Minister and is leading a party suffering from serious in-fighting over Europe and the film studio Pixar has just released its first movie - Toy Story - which will later become the highest grossing film of that year.  Against this backdrop, the EU publishes a Directive regulating the processing of personal data within the EU.  All Member States had soon enacted it into law, in this country that being the Data Protection Act 1998 (“DPA”).

While some things have not changed, the technology between then and now is vastly different.  The national courts and Data Protection Authorities have performed valiantly in making a law that was created nearly 10 years before the first social network, and 3 and a half years before the release of the Nokia 3210 (other manufacturers were available), work in this age of the smartphone and social media. 

The 1995 Directive never imagined that there would be information sharing on the scale that we have today, and is ill-equipped to deal with it.  It is time for reform, and on 25 May 2018 that will happen as the General Data Protection Regulation (“ GDPR”) comes into force.

What is changing - key points to note

• Scope - it will be much wider than before.  The obligations now apply to processors as well as to controllers and also to anyone, anywhere in the world, who processes the data of an EU data subject - does this include you?
• Consent - there will be significant strengthening of the requirements for a valid consent.  In particular, consent must now be unambiguous, both in terms of the exact classes of data to which it relates and in terms of the exact processing itself.  Your privacy policy will be key to this - is yours up to date?
• Data subject rights - there are some new rights available to data subjects, e.g. the right “to be forgotten” and the right to data portability.  Also, any right must be complied with free of charge and within one month of the request - are your systems able to comply with this deadline?
• Data security - strengthening of the data security requirements.  In particular, some companies must appoint a data protection officer and there are now obligations to notify your data protection authority of any data breaches as soon as you become aware of them - do you need a data protection officer?  Do you have a data breach policy?
• Enforcement - significant increase to maximum fine limit.  Major breaches could lead to a maximum fine of the greater of €20 million or 4% of global turnover. 

GDPR is coming and its effects will be wide-ranging.  Start preparing now to prevent getting caught out later.

Karen Harrison, data protection partner with Knights, will be presenting our April webinar on the GDPR.

Karen Harrison   

Partner 

M           +44 (0) 7392 081709

D            +44 (0) 1332 497617

T             +44 (0) 1332 497600

W           www.knights1759.co.uk

Please add a comment

Category List

Archive