Gregor Kleinknecht and Petra Warrington discuss the new GDPR EU Regulation

  • June 15, 2017
  • By Hunters Law

GDPR: data protection version 2.0

The acronym GDPR does not exactly roll off the tongue, but anyone running a business, or processing personal data in any other capacity, whether as a charity, educational institution, membership organisation or employer, must familiarise themselves with it sooner rather than later.

The new General Data Protection Regulation (GDPR) is an EU Regulation that will take direct effect in all EU Member States, including the UK, on 25 May 2018.  In the UK, the GDPR will replace the Data Protection Act 1998 (1998 Act).  For the EU, the GDPR forms part of a bigger picture: the project of creating the digital single market.  It is generally anticipated that, following Brexit, the GDPR will be incorporated into UK national law and continue to apply without significant changes.

The current data protection regime pre-dates the digital age with its social media platforms, cloud computing, e-commerce, online banking, content streaming, computerised patient records, etc, and was simply no longer considered fit for purpose in an increasingly online and globalised world.  Moreover, large scale and well-publicised data breaches in the telecommunications and banking sectors have recently put data protection and security at the forefront of many consumers’, businesses’ and governments’ minds.

The GDPR is aimed both at harmonising and enhancing the regulatory framework governing data privacy across the EU, and at transforming the approach organisations take to protect citizens (called ‘data subjects’) from infringements of privacy law.  The GDPR will provide greater data protection for EU citizens in an increasingly digital, technological and globalised world and should be welcomed.  Examples where the GDPR will make a practical difference are data subject consent to data processing and profiling.  Importantly, the GDPR recognises that data flows no longer stop at national borders. The new rules will therefore apply to the processing of personal data of any person who is in the EU, even if the data controller or processor is not established in the EU.  In plain English, this means that social media companies based in the US will have to comply with the GDPR if they process the personal data of anybody who lives in the EU.

The UK is given an element of discretion as to the implementation of the new data protection regime, and can make additional provision in relation to some issues.  One such issue is the age at which a child can validly consent to the processing of their personal data, where information society services are offered directly to that child.

Anybody who processes personal data must start preparing now.  The Information Commissioner’s Office (ICO) is developing guidance on the implementation of the GDPR and has already published a very useful guide: Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now.  Hunters Solicitors is working with clients to audit what personal information they collect and how they process it.  The next step will be for the firm to assist clients with reviewing and updating their privacy and data protection policies, and their terms and conditions of business, to ensure compliance of their data processing and protection procedures with the new rules.  Businesses must also start planning ahead for what should happen in the event of a data breach, and familiarise themselves with who they must report a breach to.

In order to reduce red-tape for small businesses, the GDPR includes a derogation for organisations with fewer than 250 employees with regard to record-keeping.  In addition, the EU institutions and Member States, and their supervisory authorities – such as the ICO in the UK – are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of the GDPR. However, there will still be a need for organisations to learn about the changes and how to implement them – invariably, implementing changes will cause disruption during a transitional period.

Not being ready to comply with the new rules when they come into force will not be an option.  In this increasingly security conscious world, companies will be at a major competitive disadvantage if they cannot guarantee customer/client data protection.  Equally importantly, the GDPR enables large fines to be imposed for breaches of data protection rules, and permits individuals and groups to bring claims for compensation if they have suffered damage as a result of non-compliance.  Acting now and developing a strong plan for implementing the new rules will be essential for all businesses.

Gregor Kleinknecht, Partner

Petra Warrington, Associate

Related News

Jul 22, 2021
Gregor Kleinknecht and Constance Tait examine the impact on trademark litigation and provide 10 tips on navigating the post-Brexit era in Managing IP
Jul 16, 2021
Gregor Kleinknecht and Anastassia Dimmek examine the growing threat of zombie firms in Lawyer Monthly
Jul 07, 2021
Richard Baxter and Constance Tait examine a report suggesting that firms with targeted support for ethnic minority workers see benefits
Jun 28, 2021
Richard Baxter discusses UK-EU Data Protection and how adequacy decisions avoid imminent disruption to data flows
Jun 23, 2021
Richard Baxter and Constance Tait examine the recent Burnell v Trans-Tag Ltd case in the High Court
Jun 22, 2021
Anastassia Dimmek discussed the key challenges of protecting clients’ healthy businesses from zombie firms in a webinar hosted by Advoselect
Jun 18, 2021
Richard Baxter and Constance Tait discuss the looming annual returns deadline for employee share schemes
May 18, 2021
Hunters hosted the Withdrawal and The Trade Marks Act 1994 webinar
Mar 17, 2021
Stephen Morrall comments on Uber drivers entitled to minimum wage, holiday pay and pension following the Supreme Court decision in The Sunday Times Driving, The Times and the Daily Mail
Feb 19, 2021
Stephen Morrall comments on Uber losing a landmark Supreme Court battle in the Evening Standard and the Financial Times

© Hunters Law LLP 2021 | Privacy NoticeLegal & Regulatory | Cookies Policy | Complaints Procedure.

Hunters Law LLP is authorised and regulated by the Solicitors Regulation Authority (number 657218)