Gregor Kleinknecht and Petra Warrington discuss the new GDPR EU Regulation

  • June 15, 2017
  • By Hunters Law

GDPR: data protection version 2.0

The acronym GDPR does not exactly roll off the tongue, but anyone running a business, or processing personal data in any other capacity, whether as a charity, educational institution, membership organisation or employer, must familiarise themselves with it sooner rather than later.

The new General Data Protection Regulation (GDPR) is an EU Regulation that will take direct effect in all EU Member States, including the UK, on 25 May 2018.  In the UK, the GDPR will replace the Data Protection Act 1998 (1998 Act).  For the EU, the GDPR forms part of a bigger picture: the project of creating the digital single market.  It is generally anticipated that, following Brexit, the GDPR will be incorporated into UK national law and continue to apply without significant changes.

The current data protection regime pre-dates the digital age with its social media platforms, cloud computing, e-commerce, online banking, content streaming, computerised patient records, etc., and was simply no longer considered fit for purpose in an increasingly online and globalised world.  Moreover, large-scale and well-publicised data breaches in the telecommunications and banking sectors have recently put data protection and security at the forefront of many consumers’, businesses’ and governments’ minds.

The GDPR is aimed both at harmonising and enhancing the regulatory framework governing data privacy across the EU, and at transforming the approach organisations take to protect citizens (called ‘data subjects’) from infringements of privacy law.  The GDPR will provide greater data protection for EU citizens in an increasingly digital, technological and globalised world and should be welcomed.  Examples where the GDPR will make a practical difference are data subject consent to data processing and profiling.  Importantly, the GDPR recognises that data flows no longer stop at national borders. The new rules will therefore apply to the processing of personal data of any person who is in the EU, even if the data controller or processor is not established in the EU.  In plain English, this means that social media companies based in the US will have to comply with the GDPR if they process the personal data of anybody who lives in the EU.

The UK is given an element of discretion as to the implementation of the new data protection regime, and can make additional provision in relation to some issues.  One such issue is the age at which a child can validly consent to the processing of their personal data, where information society services are offered directly to that child.

Anybody who processes personal data must start preparing now.  The Information Commissioner’s Office (ICO) is developing guidance on the implementation of the GDPR and has already published a very useful guide: Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now.  Hunters Solicitors is working with clients to audit what personal information they collect and how they process it.  The next step will be for the firm to assist clients with reviewing and updating their privacy and data protection policies, and their terms and conditions of business, to ensure compliance of their data processing and protection procedures with the new rules.  Businesses must also start planning ahead for what should happen in the event of a data breach, and familiarise themselves with who they must report a breach to.

In order to reduce red tape for small businesses, the GDPR includes a derogation for organisations with fewer than 250 employees with regard to record-keeping.  In addition, the EU institutions and Member States, and their supervisory authorities – such as the ICO in the UK – are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of the GDPR. However, there will still be a need for organisations to learn about the changes and how to implement them – invariably, implementing changes will cause disruption during a transitional period.

Not being ready to comply with the new rules when they come into force will not be an option.  In this increasingly security-conscious world, companies will be at a major competitive disadvantage if they cannot guarantee customer/client data protection.  Equally importantly, the GDPR enables large fines to be imposed for breaches of data protection rules, and permits individuals and groups to bring claims for compensation if they have suffered damage as a result of non-compliance.  Acting now and developing a strong plan for implementing the new rules will be essential for all businesses.

Gregor Kleinknecht, Partner

Petra Warrington, Associate


Hunters Law LLP is authorised and regulated by the Solicitors Regulation Authority (number 657218)