We offer expert legal advice and support for data protection issues.
We guide and support businesses in data protection compliance and in dealing with data subject access requests.
We can also assist individuals to understand their rights.
We deal with:-
General Data Protection Regulation - act now for incoming data protection law
New European Union (EU) data protection rules which will become law in May 2018 will affect every business and organisation and cannot be ignored.
The final text of the General Data Protection Regulation (GDPR) was agreed in December 2015 after four years of political negotiations and lobbying involving all 28 EU member states.
The EU's new data protection rules will impact every entity that holds or uses European personal data both inside and outside of Europe.
The government underlined post Brexit the need for the UK to be seen as a data protection compliant country. GDPR will affect non EU businesses as well as EU.
The GDPR, aimed at reforming the out-dated EU Data Protection Directive, was approved by the EU parliament in January 2016. The British government fed into the changes and despite Brexit will have comply with the regulations if it wishes to trade with EU partners.
Take immediate action
Ignoring the GDPR until it becomes enforceable in 2018 is a huge mistake and companies should take immediate action.
The act is all about transparency and making sure data is secure and used in the correct way. The concept of monitoring the behaviour of EU residents by tracking their digital activities has to safeguarded.
The GDPR will impact every data controller and processor that holds or uses European personal data both inside and outside of Europe. That could be health companies to research businesses, doctors’ surgeries to Plcs and local authorities.
Businesses which are now not well versed with data protection requirements are going to have to gear up for GDPR.
Companies will have to go through all their customer facing documentation, rewrite their terms and conditions, review clauses relating to data use and create separate documents on the capture, use and termination of data.
Heavy financial penalties for non-conformity
A key element of the GDPR is not only increased compliance requirements, but heavy financial penalties for non-conformity - up to €20m or 4% of annual worldwide turnover for groups of companies, whichever is greater.
The fines apply to infringements of the basic principles for processing, including conditions for consent, data subjects’ rights, the conditions for lawful international data transfers, specific obligations under national laws permitted by the GDPR, and orders by data protection authorities including suspension of data flows.
The GDPR will involve far more interface with a regulator. Data protection officers will be responsible for reporting breaches, demonstrating the auditing of processes and safeguarding.
Organisations now face the challenge of having only 18 months to implement all the necessary changes to their systems and operations to meet the new compliance requirements.
GDPR is a model change in the way that data collection and use is regulated. Regulators in Europe will ensure that citizens are protected by the most stringent data laws in the world.
Although 18 months may seem like a reasonable time to prepare for the regime, organisations will need to completely transform the way they collect and use personal information.
Adopting new behaviours on data
This is not a compliance or legal challenge; it is much more profound than that. Organisations will need to adopt entirely new behaviours in the way they collect and use personal information.
One of the fundamental changes is companies providing data services to other companies, known as data processors, will also be subject to the GDPR, and face the same hefty breaching fines, which will affect technology service providers in particular.
The GDPR adopts prescriptive rules around how organisations will need to demonstrate that they comply with the GDPR.
Businesses will have to genuinely adopt governance and accountability standards and not pay lip service to data privacy obligations.
Organisations’ strategy and approach to comply with the GDPR will need to focus on three key components - a new compliance journey, a new transparency framework and a new enforcement, sanctions and remedies framework.
New compliance journey and transparency
The new compliance journey will require companies to map and classify all their personal data; perform risk assessments; design privacy protections into all new business operations and practices; employ dedicated data protection officers in many cases; monitor and audit compliance; and document everything they do with data and everything they do to achieve legal compliance.
The new transparency framework will require entities to re-think how they engage with people, including their contracting and permissions processes and how they give clear and full information on what is happening to personal data.
When a breach of security or confidentiality arises, entities will have to notify the incident to the regulators. In many cases, they will have to notify the people affected.
The new enforcement, sanctions and remedies framework will give regulators unprecedented powers to intervene in business and shape how entities conduct their operations, including the power to impose these heavy fines.
Changes will mean individuals can exercise a “right of data portability”, and will have clarity on the “right to be forgotten” together with enhanced rights of access to their data and to demand the end of use of their data. They will also be able to sue entities for compensation
The GDPR will make businesses more accountable for their data practices.
This is the area where the heavy weight of the GDPR will be most felt in practice. New responsibilities such as data protection by design, data protection by default, record keeping obligations, data protection impact assessments and prior consultation with data protection authorities in high-risk cases will require managerial effort and investment.
Many of these obligations are entirely new, so for the majority of businesses this will mean a substantial learning curve.
Key changes to EU data protection introduced by the GDPR
Wake Smith solicitor Holly Dobson has 10 year’s legal experience in data protection issues including advice on significant data breaches.
For further information and advice on the GDPR contact Holly at firstname.lastname@example.org or call 0114 266 6660.
These articles provide useful and updated information on different sectors of the legal industry.
Sign up for our free monthly e-newsletter. Please register your details below to receive the latest legal news and developments.
We will not share your details with any third party organisations.
Click on the links to the right for more useful information:
Get expert legal advice from one of Sheffield’s most respected law firms, Wake Smith Solicitors.
Our team of friendly, professional solicitors can provide support and advice in a wide range of areas for you and your business. Call our Solicitors in Sheffield on 0114 266 6660 or fill out the simple form below and we will get back to you as soon as possible.
For all media enquiries, please contact Abby Worsnip or Billy Greenhalgh at www.agentpr.co.uk
Please enter your first name.
Please enter your surname.
Please enter your address.
Please enter your contact telephone number.
Please enter your e-mail address.
Please enter a valid e-mail address.
Please enter what method you wish to be contacted via.
Please select what practice area you are interested in.
Please enter your enquiry.
Please check the box to confirm you are not a robot.
The form has been successfully submited. Thank you for your enquiry.
Monday to Friday
8:30 a.m. – 5:30 p.m.
DX: 10534 Sheffield 1
Car park and Disabled Facilities
If you have any special requirements relating to disabled facilities please contact John Liversidge on 0114 224 2075 or at email@example.com