New data protection regulation – the clock is ticking
5th May, 2016
In a surprise move, the new European regulation on data protection has been published, some two months ahead of schedule.
The new rules will have a significant impact on anyone who uses, holds or processes any personal information as part of their business or organisation.
What has happened?
While a move towards a new Europe-wide data protection regime has been in process for some time, many UK commentators were not expecting the final regulation to be published until July this year.
However, the General Data Protection Regulation (GDPR) was published on 4 May and will come into force on 24 May 2016.
Although the GDPR will not apply until May 2018, businesses and organisations need to get up to speed with how it will affect them and what action they need to take.
What does the new regime do?
Put very briefly, it aims to strengthen protection for citizens when it comes to the use of their personal information. That is likely to have a major impact on many businesses and organisations for whom data is a significant asset, since the regime contains a corresponding burden on both controllers and processors to deliver these improved safeguards.
The European Commission describes the GDPR as “an essential step to strengthen citizens’ fundamental rights in the digital age and facilitate business by simplifying rules for companies in the Digital Single Market”.
What does this mean for me?
Any business or organisation that stores personal information, processes it, transmits or shares it faces new European and national regulations which they will have to comply with.
There are some quite significant changes, and potentially onerous requirements, so businesses and organisations are going to have to start planning for these changes sooner rather than later. Indeed for some, it may require a fundamental change to their business or operating model.
The GDPR will apply from 25 May 2018 and businesses and organisations not complying from this date could face potentially serious penalties of the higher of up to 20m Euro or 4% of total worldwide annual turnover.
What can Ward Hadaway do?
Between now and May 2018 we will be offering businesses and organisations a range of ways to help them comply with the GDPR, including training sessions, briefing notes and client help programmes.
We will keep you briefed on the situation and on any developments as May 2018 comes ever closer.
In the meantime, if you have any immediate questions or urgent queries, please get in touch.
Please note that this briefing is designed to be informative, not advisory and represents our understanding of English law and practice as at the date indicated. We would always recommend that you should seek specific guidance on any particular legal issue.
This page may contain links that direct you to third party websites. We have no control over and are not responsible for the content, use by you or availability of those third party websites, for any products or services you buy through those sites or for the treatment of any personal information you provide to the third party.