For this week’s blog, I have invited Legal Executive, Charlotte Alexander from our corporate and commercial team, to write a Q&A article on the new General Data Protection Regulation (GDPR) which comes into force next year. Charlotte and Louise White, solicitor in the same team, recently ran some seminars to make our clients and contacts aware of the GDPR changes and what we should all be doing to prepare. Details of future events will be published on our website, in the events page and on social media in due course.
When will the new Regulation apply?
25th May 2018
What can organisations expect?
Extended principles in data protection which include new features and procedures that will need to be incorporated into the day to day running of a business.
Organisations must devote time and effort, and prepare appropriate resources to implement the changes under the GDPR.
Which concepts are going to impact organisations the most?
Some of the key changes to expect are:
Accountability and Data Processors – data processors will have direct compliance obligations and shall be subject to penalties for the first time under the GDPR.
Validly obtaining Consent – this will be harder to obtain due to the very high standard of consent required by the GDPR. Organisations will need to be able to demonstrate consent was validly obtained.
Privacy Impact Assessments – organisations will need to perform data protection impact assessments (PIAs) before carrying out any processing that uses new technologies.
Enhanced rights of Data Subjects – organisations will need to respect the enhanced rights of data subjects and act accordingly.
Increased Enforcement Powers – fines under the GDPR will significantly increase.
What will organisations need to do?
Appoint a person or team to take responsibility for compliance with the GDPR.
Identify what data is held by the organisation and why? On what legal basis is the organisation processing the data i.e. consent, contractual, legitimate interests? Where is the data stored and who has access to it?
Review the organisation’s procedures, policies and privacy notices. All commercial agreements should be reviewed to ensure the new obligations and potential risks are covered.
Organisations should maintain detailed documentation in order to show paper trails relating to data processing activity and privacy impact assessments carried out.
How will Brexit affect Data Protection?
There are a lot of uncertainties surrounding Brexit. However it is likely that the UK will adopt a very similar or identical data protection policy to that of the GDPR.
Can Jacksons help?
Following on from our seminars ‘The New Data Protection Regime, Are You Ready?’ the Corporate and Commercial team shall be issuing a monthly newsletter during the countdown to May 2018, additional seminars will be held later in the year and the team can also undertake a full contract and policy review of organisations’ data protection procedures.
For more information please contact Charlotte Alexander at calexander@jacksons-law.com or telephone 01642 356 504.
Jacksons Law Firm - leading the way for business and personal legal solutions since 1876. We are a team of specialist lawyers offering business and personal legal advice.
With offices in Teesside and Newcastle covering the North east, Northumberland, Yorkshire and Cumbria.
We specialise in commercial property, corporate and commercial, employment, corporate recovery & insolvency, debt recovery, dispute litigation, wills, trusts & probate, family, matrimonial, residential conveyancing. Our priority is our clients, who range from national multi-site organisations to public bodies, SMEs and private individuals, all of whom benefit from having access to a highly experienced, approachable and friendly legal team. We focus on delivering first class results, providing real value and we strive to put our clients at the heart of our business.
Jacksons Commercial & Private Law LLP is a limited Liability Partnership authorised and regulated by the Solicitors Regulation Authority, Registration No 517634. Please refer to the SRA website www.sra.org.uk. Jacksons Law Firm, Jacksons Business Law and Jacksons Personal Law are the trading names of Jacksons Commercial & Private Law LLP. A list of Members is available for inspection at all of our offices. Registered office: 17 Falcon Court, Short Close, Preston Farm Industrial Estate, Stockton on Tees TS18 3TU. Registered in England OC305011. VAT No 977530385.