Articles From the Team
The GDPR and your business…
The following is not intended as legal advice. Today’s topic is the impending General Data Protection Regulations (GDPR – which is the EU regulation for strengthening and unifying of data protection for individuals living within EU countries) and my understanding of how this may affect businesses in the future and how prepared those businesses are to adopt the regulations of the same.
In short if your business is affected by the Data Protection Act then you are going to be affected by the GDPR. The other thing to realise is that if you get it wrong and are fined by the Information Commissioner’s Office (ICO) then that could cost you up to 4% of your global revenue, trust me if I could buy shares in the ICO right now I would be loading up with all my little legs could carry. The ICO are about to become a very rich organisation, hence their future reduction in the requirement to maintain registration with them (and therefore potential subscription charges) and the ICO outsourcing the burden of maintaining data processing records back on to the businesses.
For those businesses amongst you that were hoping to get saved by Brexit then I have some bad news for you…all EU regulations that are in force at exit date will be enshrined in UK law. GDPR is due to come into force on 25th of May 2018. Even if Article 50 were activated now that would still mean that, given the 2 year process to exit the EU, the GDPR is comfortably over the line.
Imagine if GDPR had been in force when TalkTalk conducted their data protection misdemeanour, instead of a fine of £400,000 (which was close to the maximum the old rules allowed) they would have been staring down the barrel of an approx. £60million fine. How many lawyers can you buy for that?
In general I would say that businesses are aware of the rules but simply knowing what data they hold, why they hold it, where it’s kept and how long it should be kept for, will present obstacles that many organisations will struggle with.
There is no better time to become a specialist/consultant in data protection law, your capability to save businesses quite literally percentage points of their annual revenue has never been more clear cut.
Let’s see how businesses continue to position themselves in 2017, and ultimately what the change in 2018 brings; apart from a pay rise all-round at the ICO.
If you want to read more then please see the following references/links:
https://ico.org.uk/for-organisations/data-protection-reform/
http://www.computerweekly.com/news/450296306/10-key-facts-businesses-need-to-note-about-the-GDPR
For more information contact Mike Huggins at BCL Legal.