The clock is ticking: a countdown to GDPR compliance
by Paul Longland, 01 February 2018
Data protection legislation is facing huge changes. On 25 May 2018, the EU's General Data Protection Regulation (GDPR) takes effect in all European Union (EU) member states, including the United Kingdom. Failure to comply could see huge fines of up to 4% of a company's global turnover or 20 million euros, whichever is higher!
GDPR aims to synchronise EU data protection law to protect citizens' rights over their digital and other manually held data, whilst reshaping how organisations approach data privacy. The key effect of the new regulation is that data controllers and data processors will be responsible for demonstrating compliance. Consequently, organisations will need to be transparent about their data handling processes as they become accountable to their data subjects (i.e. the individuals whom particular personal data is about) and to the supervisory authorities.
GDPR Compliance - The Rights of the Data Subject
GDPR gives Data Subjects greater control over how their information is processed by organisations. Under GDPR, controllers will be required to meet the demands of the Data Subject in accordance with the rights afforded to them. Failure to do so will demonstrate non-compliance and inevitably result in a penalty/fine.
Rights of the Data Subject under the GDPR include:
- Right to access data being processed about them
- Right to rectify data which is wrong or incomplete
- Right to erase data
- Right to transfer data between data controllers
As Data Subjects become empowered by GDPR, businesses should be analysing their data systems to ensure they are prepared for individuals to exercise their rights. Where businesses store personal data, they should ensure it is easy to locate, alter and transfer. The UK's Information Commissioner has made it quite plain that there will be no 'grace period' following 25 May 2018, so businesses need to be fully ready and match fit before the 'go live' date in May.
GDPR Compliance – The Impact on Businesses
Companies will have new obligations to demonstrate compliance with GDPR's principles in their daily processing activities. Controllers and Processors both have new responsibilities, making them directly accountable for data protection within an organisation's processing.
Controllers' new responsibilities include but are not limited to:
- Keeping internal records of data processing activities
- Conducting Data Protection Impact Assessments (DPIAs) on high-risk processing
- Appointing a Data Protection Officer (DPO) in certain cases
- Implementing data protection by design and by default, e.g. data minimisation
GDPR looks to have a trans-national effect on international companies. It applies to any personal data processed about any data subject in the EU. Consequently, any business processing such data outside the EU, or any controller not established in the EU, will be subject to the regulation if it wants to target EU consumers.
Contact our GDPR compliance solicitors in Bournemouth
In addition to the above, the GDPR has a wide range of other consequences for companies and LLPs. If you would like legal advice on how your business can prepare for GDPR compliance, please contact Paul Longland for an initial no-obligation discussion on 01202 294 566 or email firstname.lastname@example.org.
Chairman Tim Stone and Managing Partner Peter Rolph addressed the core issues of the General Data Protection Regulation at the recent Connect HR Academy held at our Bournemouth office.