Morton Fraser Business Tip - GDPR
The European General Data Protection Regulation (GDPR) will replace the Data Protection Act (1998), and is due to take effect from May 2018. This new piece of European legislation is meant to address public privacy concerns presented by the advances in technology seen in the last twenty years or so.
We have received an increasing number of enquiries regarding the GDPR from our client base, which is not surprising given that under the GDPR businesses can be fined up to 4% of annual global turnover (or 20 million euros, whichever is greater) for certain data protection violations. While the threat of such high penalties is of course concerning, it is important to remember that the nature, gravity, and duration of the violation (and the number of individuals affected and level of damage suffered by them) will be taken into account by the Information Commissioner’s Office when imposing fines.
So while we are advocating that businesses take action now to be GDPR compliant by May next year, the GDPR should be seen as an evolution of the current UK data protection laws, enforcing what has always been good practice, and not as an unnecessary burden on an organisation.
Key recommendations for businesses are as follows:
- Audit and document the personal data your organisation holds, noting from where it was obtained, with whom it is shared and for how long it has been held.
- Review all privacy notices used by your organisation, and put in place a plan for changing these notices to comply with the GDPR.
- Implement training programmes in your organisation so that employees are aware of the data protection compliance they must follow.
Provided by Morton Fraser Lawyers