On 25th May 2018 sweeping changes are being introduced to the law affecting data protection by virtue of the EU General Data Protection Regulation (‘GDPR’), which will remain effective until the UK eventually leaves the EU.
Accordingly, the changes cannot be ignored and all those affected by data processing considerations need to be alive to the changes.
Timothy Thompson of Kangs Solicitors comments generally upon GDPR.
Article 5 – The Principles | Kangs Data Protection Advisory Solicitors
This provides that personal data must be:
- processed fairly, lawfully and in a transparent manner in relation to the data subject.
- collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
- adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed.
- accurate and, where necessary, kept up to date.
- kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- processed in a way that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Key Operative Elements | Kangs National Regulatory Solicitors
- GDPR applies to ALL businesses that use personal data belonging to those residing in the EU.
- Personal Data is any information that can directly or indirectly identify a natural person, and can be in any format.
- Failure to comply by 25th May 2018 could have severe consequences.
Consequences Of Breach | Kangs GDPR Solicitors
Under GDPR service providers processing personal data on behalf of other businesses become directly liable to individuals for a breach of data security.
This is a complete change from the existing law whereby service providers cannot be held directly liable and data processors are completely liable for any non-compliance. However, the contract between the data controller and data processor may contain separate conditions between them.
Whilst the GDPR has added this new level of liability, it still distinguishes between the maximum fines that can be levied against data controllers and data processors, and a two tiered approach to fines has been established:
- €20 million or 4% of annual global turnover (whichever is higher) for infringements of the organisation’s obligations
- €10 million or 2% of annual global turnover (whichever is higher) for infringements of an individual’s privacy rights.
Businesses may also face compensation claims from individuals for any material and/or non-material damages resulting from an infringement of the GDPR.
Further, Member States will have discretion to designate breaches of specific aspects of the GDPR as criminal offences.
Why Should I Prepare My Company For GDPR? | Kangs Regulatory Team
- the regulatory changes are substantial
- educating your company’s personnel will take time
- May 2018 is quickly approaching
- it will take time to implement compliant procedures
- the costs of compliance may be substantial
- the potential cost of non-compliance may be enormous
- your trading partners may not stay with you if you are not compliant
- you are a director.
Directors and Officers Liabilities | Kangs Company Officers Advisory Team
GDPR will increase the liabilities for directors and officers for data breaches or personal data misuse, with France and Italy having already taken steps to penalise any failures.
How Can We Help? | Kangs GDPR Team
The initial steps have to be:
- seek expert advice for support and guidance,
- examine your current structures,
- identify changes needed to meet the new Regulation and
- form clearly defined policies and procedures
At Kangs Solicitors our GDPR Team will be able to assist you in preparing for the coming changes to the law.
Who Can I Contact? | Kangs GDPR Solicitors
Should you wish to discuss anything in this article please do not hesitate to contact our Team through one of the following: