Posted on 19th June, 2017
For this week’s blog, I have invited Legal Executive Charlotte Alexander, from our corporate and commercial team, to write a Q&A article on the new General Data Protection Regulation (GDPR), which comes into force next year. Charlotte and Louise White, a solicitor in the same team, recently ran some seminars to make our clients and contacts aware of the GDPR changes and what we should all be doing to prepare. Details of future events will be published on our website, on the events page and on social media, in due course.
When will the new Regulation apply?
25th May 2018
What can organisations expect?
Extended principles in data protection which include new features and procedures that will need to be incorporated into the day to day running of a business.
Organisations must devote time and effort, and prepare appropriate resources to implement the changes under the GDPR.
Which concepts are going to impact organisations the most?
Some of the key changes to expect are:
Accountability and Data Processors – data processors will have direct compliance obligations and shall be subject to penalties for the first time under the GDPR.
Validly obtaining Consent – this will be harder to obtain due to the very high standard of consent required by the GDPR. Organisations will need to be able to demonstrate consent was validly obtained.
Privacy Impact Assessments – organisations will need to perform data protection impact assessments (PIAs) before carrying out any processing that uses new technologies.
Enhanced rights of Data Subjects – organisations will need to respect the enhanced rights of data subjects and act accordingly.
Increased Enforcement Powers – fines under the GDPR will significantly increase.
What will organisations need to do?
Appoint a person or team to take responsibility for compliance with the GDPR.
Identify what data is held by the organisation and why. On what legal basis is the organisation processing the data, i.e. consent, contractual, legitimate interests? Where is the data stored and who has access to it?
Review the organisation’s procedures, policies and privacy notices. All commercial agreements should be reviewed to ensure the new obligations and potential risks are covered.
Organisations should maintain detailed documentation in order to show paper trails relating to data processing activity and privacy impact assessments carried out.
How will Brexit affect Data Protection?
There are a lot of uncertainties surrounding Brexit. However, it is likely that the UK will adopt a very similar or identical data protection policy to that of the GDPR.
Can Jacksons help?
Following on from our seminars ‘The New Data Protection Regime, Are You Ready?’, the Corporate and Commercial team shall be issuing a monthly newsletter during the countdown to May 2018. Additional seminars will be held later in the year, and the team can also undertake a full contract and policy review of organisations’ data protection procedures.
For more information please contact Charlotte Alexander at firstname.lastname@example.org or telephone 01642 356 504.