12th June 2018
Now that the GDPR has come into force, it’s absolutely essential that businesses ensure they’re following the new regulations. The consequences of non-compliance have the potential to cause great financial damage and the enforcement agencies operating in each of the EU nations will be taking their new responsibilities incredibly seriously. Here, we take a look at a few GDPR basics, examine what’s changing under the new regulations, and what non-compliance could mean for your business.
The General Data Protection Regulation (GDPR) came into effect on the 25th May 2018. It applies to all member states of the EU and introduces a number of new processes, procedures, rights, and responsibilities concerning the way organisations handle personal data. The regulations aim to standardise data management practices across Europe and ensure that businesses and public bodies are collecting, storing, transferring, and deleting data in a secure and ethical manner.
How should data be handled?
The GDPR is predominately focused on the management of both ‘personal data’ and ‘sensitive personal data.’ The first of these terms is considered to mean any piece of data that can be used to identify an individual. This includes names, addresses, phone numbers, and IP addresses, among other things. Sensitive personal data is that data which is not readily available, like religious or political beliefs, sexuality, and genetic information.
In terms of the major implications of GDPR, there are a number of important factors businesses must consider if they’re to ensure compliance. They include:
One of the most eye-catching aspects of the GDPR is the willingness of EU authorities to back their policy with extremely large fines for non-compliance. Organisations that are found to have breached the regulations will face a financial penalty of up to €20 million or 4% of global annual turnover, whichever is greater. While only the worst offenders will be hit with the maximum fine, the ability to tailor the punishment to represent both the severity of the crime and the financial clout of the infringing company makes the GDPR a powerful regulatory tool. However, enforcement agencies in each of the EU nations covered by GDPR will aim to encourage and reward attempted adoption of the regulations – even if there are early issues with compliance – rather than immediately punishing businesses with severe fines. If organisations can demonstrate that they’re making concerted efforts to comply with GDPR, the UK government has offered reassurances that their approach will be defined by its leniency.
While implementation of the GDPR will result in widespread changes in the vast majority of UK businesses, it’s not as radical a departure from existing data protection regulations as has been portrayed. However, threatened with large fines and damage to their reputation, businesses need to ensure that they’re complying with the new measures.
Though we’ve listed the most important changes included in the GDPR, the legislation consists of over 90 individual articles. Consequently, businesses should seek legal guidance if they have any concerns relating to their own data handling and management practices.
If you have any further questions about GDPR or any other legal issues your business is facing, please contact Alec Brooks, Partner and Head of Company & Commercial on 01256 305503 or email email@example.com
The contents of this article are for the purposes of general awareness only. They do not purport to constitute legal or professional advice. The law may have changed since this article was published. Readers should not act on the basis of the information included and should take appropriate professional advice upon their own particular circumstances.
© Lamb Brooks is authorised and regulated by the Solicitors Regulation Authority - SRA No 559661.
Lamb Brooks LLP (registered at Companies House OC363909) whose registered office address is: Victoria House, 39 Winchester Street, Basingstoke, Hampshire, RG21 7EQ