On 25 May 2018, the largest ever overhaul of data protection laws in the EU will take effect. Businesses must comply with the changes or face fines of ‚Ç¨20m or 4% of worldwide annual turnover. Despite this, many organisations have not yet started preparing for the changes.
The new General Data Protection Regulation (GDPR) will create clarity for businesses by establishing a single set of rules across the EU. The GDPR will replace the existing data protection legislation and will change the rules concerning processing of personal data – the changes are intended to strengthen the rights of individuals by imposing additional obligations on businesses.
The GDPR is a single legal framework that applies across all EU member states. In addition, even EU data controllers and data processors outside the EU will be subject to the GDPR if they offer goods/services to data subjects in the EU or if they monitor data subjects’ behaviour within the EU.
These changes will significantly impact businesses that process personal data as the changes will:
apply to data processors for the first time;
require businesses to keep more records to prove compliance;
oblige organisations to carry out new Privacy Impact Assessments where high risks to personal data are posed; and
force businesses to notify the authorities of serious data breaches.
Many businesses will need to make changes to their IT systems and their privacy policies to comply with the new GDPR. Effecting and implementing these changes will take time, so businesses should take steps now to ensure that they are able to comply with the new regulations once they take effect.
Regardless of Brexit, the regulations will still apply to all UK companies who deal with the EU as UK Government Ministers have confirmed that, in some shape or other, the GDPR will be adopted by the UK.
On Wednesday 27th and Thursday 28th September Moore Blatch and Carswell Gould join forces to host a GDPR breakfast briefing in Richmond and Southampton respectively. The two firms are uniquely combining their know-how on the subject to deliver insight about the legal and marketing challenges and opportunities presented by the GDPR.