
Data Protection: Reloaded

  • July 17, 2017
  • By Hunters Law

The data protection regime which is currently meant to provide our electronic life with basic privacy and protection is set out in the Data Protection Act 1998 and in related legislation. The 1998 Act in turn implemented the European Data Protection Directive of 1995 into UK law. That was a very different age from today’s world, where pretty much everything about us, from our bank details, through social networking activities and holiday photos, to our medical history, is a piece of data available at the touch of a button, and we are directly or indirectly identifiable to the many sites and service providers which we rely upon (and many we don’t).

The press has been awash with examples recently of wholesale data breaches and of personal data being illegally accessed while entrusted by customers to organisations such as telecom service providers and banks.  A revamp of the data protection rules has long been overdue to make them fit for an increasingly digital, technological and globalised world, and to give enforcement more teeth.  Again, the impetus is coming from the EU with the aim of providing greater data protection for EU citizens.  The new General Data Protection Regulation (GDPR) will be directly applicable in all EU member states from 25 May 2018, by which time organisations that process our data will have to be compliant with the new requirements.  In the UK, the GDPR will replace the 1998 Act, Brexit notwithstanding, and the anticipation is that, following Brexit, the rules will be incorporated initially unchanged into national UK law.

The new Regulation is aimed both at harmonising and enhancing the regulatory framework governing data privacy and at transforming the approach that organisations take to protecting you and me (or ‘data subjects’, in tech speak) from infringements of privacy laws. So how exactly will the GDPR strengthen data protection? First, the requirement of consent to the use of personal data will be strengthened and made more transparent, while at the same time it will become easier to withdraw consent.

Secondly, both data controllers, who determine the purpose and means of collecting personal data, and data processors, such as cloud service providers, must comply with a strict notification policy: a data protection breach which poses a risk to individuals must be notified to the national supervisory authority within 72 hours and to affected individuals without undue delay.

Thirdly, the GDPR vests greater power in data subjects to obtain information on, gain access to, and exercise control over any personal information that is being processed about them and why; the ‘right to be forgotten’ will also be strengthened.

‘Privacy by design’ will become a legal requirement, meaning that controllers must incorporate data protection systems at the outset of their activities rather than adding procedures and frameworks at a later stage.

The GDPR will simplify and harmonise the role of Data Protection Officers and it will generally no longer be necessary to submit notifications and registrations to local Data Protection Authorities.

Importantly, the GDPR will extend data privacy for EU citizens beyond the physical boundaries of the EU: even if an organisation is located outside of the EU, it must still comply with the GDPR requirements when processing the personal data of EU citizens. The GDPR will enable substantial sanctions to be imposed on organisations found in breach of its requirements; in circumstances where there has been a serious infringement, fines of up to 4% of annual global turnover or €20 million, whichever is the higher, can be imposed. Let’s hope that these enforcement powers will be used to give real effect to data protection and privacy. Not surprisingly, many organisations that collect and process personal data have already started to adapt to and implement the new regime.

Gregor Kleinknecht

Partner

Hunters Solicitors

This article was originally published in Discover Germany (page 124).
