General Data Protection Regulation ((EU) 2016/679)

17th August 2017

On 25 May 2018, the GDPR will become directly applicable in all EU member states and, despite Brexit negotiations, the UK Government has confirmed that it will be implementing these new rules in full. Designed to be more future-proof than its predecessor, the Data Protection Directive, the GDPR aims to maintain its relevance in an environment where technology is constantly changing. With the limit on fines for breach of the GDPR increasing, from £500,000 under the current regime, to the greater of €20 million or 4% of worldwide turnover, it is important that organisations start preparing now to ensure compliance next May.

The GDPR applies to any organisation which controls or processes personal data, such as the financial details, employment details, medical details and other personal information relating to an individual. It adopts a very broad definition of “processing” this personal data meaning that almost any activity an organisation is involved in relating to personal data is likely to fall within the GDPR’s scope.

Organisations which are compliant with the current regime are at a good starting point to ensure compliance with the GDPR. However, there are a number of key changes which organisations need to be aware of to avoid the severe sanctions above. Some of these key changes to the data protection regime include:

  • Expanded territorial scope
  • Increased enforcement powers
  • Higher standard of consent required for processing information
  • Direct compliance obligations for data processors
  • Strict rules relating to notification of breaches
  • Introduction of pseudonymisation (ie the processing of personal data in such a manner that the data cannot be attributed to an individual without additional information)
  • Right to erasure, also referred to as the “right to be forgotten”
  • New timescale for responses to data subject access requests

If you would like more information please get in touch and we will ensure that you are able to speak with one of our data protection specialists.

Enjoy That? You Might Like These:

articles

A need for a gender-neutral approach
9 July -
A recent case highlights the need for a gender-neutral approach in the courts. On 28 March, the Court of Appeal heard OneSavings Bank plc v Waller-Edwards [2024] EWCA Civ 302... Read More

articles

LMA update DAC6 riders
9 July -
The Loan Market Association (LMA) recently updated its riders covering DAC6. The riders generally remain the same in substance but the language has been updated to cover the UK implementing... Read More

articles

Further guidance on Fixed and Floating Charges: is an IP address in a debenture subject to a fixed or floating charge?
12 June -
We previously considered how the High Court in Avanti adopted a more nuanced approach to determining whether charges were fixed or floating (click here to read). In the recent case... Read More
Click here for more Insights