GDPR - your legal toolkit
The General Data Protection Regulation (GDPR) will be implemented in the UK, and the rest of the European Union, on 25 May 2018, replacing the Data Protection Directive 1995 (DPD). The GDPR, or something very similar to it, is highly likely to be in force after the UK leaves the EU.
The GDPR revolutionises data protection and has a potentially huge impact on all businesses using and storing data. Organisations breaching the GDPR will face penalties of up to €20 million or 4% of global turnover, whichever is higher. As time is ticking by, businesses now need to understand how the new law will affect them and put in place measures to comply.
As we leave the EU, we will seek to maintain the stability of data transfer between EU Member States and the UK.
UK Government White Paper on the United Kingdom’s exit from and new partnership with the European Union
It is important you understand what these legal developments mean for you, your people and your business. This brief guide will take you through the key issues of the act and top tips on what to do next.
Who has to comply?
In short, this will impact all businesses. However, you will need to pay particular attention if you are a data controller or a data processor within a business established within the EU.
This also applies if you are a data controller or a data processor within a company established outside the EU and are either:
- offering goods and services to individuals in the EU or
- monitoring the behaviour of individuals where that behaviour takes place in the EU.
Questions to ask:
- Are you clear on what is defined as 'data' within your business and how it must be dealt with?
- Are your policies robust and up to date?
What will happen if you don't comply?
The supervisory authorities have both investigative and corrective powers. They can impose penalties such as:
- 2% global turnover or €10m
- 4% global turnover or €20m
Non-compliance could mean a penalty of up to €20m
Key points to consider
The key points to consider will vary depending on the sector you are in and will relate to your individual business. Below is a list of generic points to help start your own review process:
- accountability for the collection and use of data of employees, third parties and customers
- managing more onerous obligations, higher penalties and enhanced individual rights
- data analytics and Big Data
- multi-channel marketing
- use of legacy databases and / or telematics
- personalisation and the customer experience
- profiling favourable customer identification
- innovation - Internet of Things and Artificial Intelligence
- in-store and on-line innovation
- information security, physical security and cyber resilience
- data sharing and off-shoring data
- managing and reporting data breaches
- data profitability.
We have been really impressed with what the team does. It is very up to date, with a strong focus on current case law. It is knowledgeable and passionate about this area of law. We really rate them.
Chambers and Partners 2016
Steps to prepare for May 2018
These are the 10 key steps we would recommend to help prepare for the act.
- raise awareness of the impacts of GDPR
- secure an appropriate budget
- map key data flows
- undertake a compliance assessment and gap analysis
- determine the lead supervisory authority
- review and re-draft / draft relevant notices, policies and procedures
- review data governance and data breach reporting processes
- undertake a review of key third party arrangements and agreements
- employ or engage a data protection officer
- educate and train the business.
Hear from Mark Gleeson as he joined a panel of retail experts at a recent event to give his perspective on the opportunities that the EU General Data Protection Regulation will present, and how retailers will use data in the future to understand and interact with their customers.
About Browne Jacobson
We offer clear opinions and straightforward legal advice, whenever and wherever you need it – locally, nationally and internationally. Complex problems – understood, explained and resolved by a single team, across five offices nationally, working together in long term partnership with you – a genuinely different approach. Exceptional service, every time, from experts you trust and costs that reflect what you value in a law firm, not the things you don’t. Sometimes you just need a lawyer, but you’ll want to do business with us.
- sector experts, working in partnership with our clients - including blue chip corporates, local and owner managed businesses, NHS Trusts, major insurers, education and public sector organisations
- specialists in legal solutions across the private and public sectors, providing a unique offering where they overlap
- national reach from our offices in major UK cities including Birmingham, Exeter, London, Manchester and Nottingham
- experts in international fraud and asset recovery and international investment in the UK - we have a dedicated bilingual French inward investment team and are the founding member of Pangea Net, a non-exclusive network of full service law firms with an international focus
- over 400 lawyers, including 125 partners, managed and supported by a team of professional specialists; we are an employer of choice with accreditations from Investors in People and featured in the Sunday Times 100 Best Companies to Work for (2013)
- recognised for our quality and externally accredited by Lexcel, ISO, and Investor in Customers
- a true partnership approach with our clients - our clients stay with us for the long term because of our sector expertise, straightforward advice, pricing and product innovation and exceptional client service.
For more information about how we can help visit brownejacobson.com