Last year the UK Government confirmed that it will be adopting the European General Data Protection Regulation (GDPR) (Brexit won’t save you!). While complying with the existing data protection regime should give businesses a head start in complying with the GDPR, the GDPR introduces new concepts.
It comes into force on 25 May 2018, introduces a risk-based approach to compliance and requires various documents to be maintained. GDPR also means that businesses may need to make substantial changes to their existing compliance strategies. Businesses should create awareness among staff of data subjects’ rights and data protection principles and be able to demonstrate compliance with the GDPR, e.g.:
o Audit and document the data held, where it came from and with whom it is shared.
o Review and document the legal basis for processing.
o Review privacy notices and, if necessary, change them.
o Review security arrangements.
o Check arrangements with Data Processors (i.e. those who process personal data on your instructions).
Businesses should familiarise themselves with the new “accountability principle” which provides that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.” So, this will mean putting in place documentation to demonstrate compliance.
The ICO’s increased enforcement powers should bring all of this into sharp focus. Currently the ICO has the power to issue fines of up to £500,000 for breaches of the principles of data protection. The GDPR will introduce a two-tier system of fines as follows:
The Tier 1 fine is 2% of global turnover or €20,000,000 (whichever is greater) for breaches in relation to e.g. record keeping and security. The Tier 2 fine is 4% of global turnover or €40,000,000 (whichever is greater) for breaches in relation to e.g. the data protection principles and data subject rights.
How can Gotelee help?
If you would like to make sure you don’t get stung by these new laws, you can get advice from our data protection specialist Victoria Spellman by calling her on 01473 298181 or emailing Victoria.email@example.com