GDPR: time to start thinking about the new rules coming into force from 2018

The EU’s General Data Protection Regulation (GDPR) will apply in the UK from 25 May next year. The headline changes include:
1. Direct compliance liability for processors
2. Increased transparency through more detailed notices
3. Extra-territorial scope
4. Enhanced individual rights
5. Application of strict retention periods
6. Privacy by Design & Default and Privacy Impact Assessments
7. Mandated processor terms
8. A significant step-change in relation to fines for non-compliance
According to figures from the UK’s Information Commissioner’s Office, the fines for data protection breaches in the UK reached around £3.2 million in 2016. Whilst this sounds significant, this figure will increase substantially once the GDPR comes into play.
With increasingly tight requirements around how employers must maintain and process personal data, and with the number of fines issued for breaches of UK data protection laws on the increase, many employers are already looking to employ permanent staff dedicated to ensuring compliance with the new rules.
In fact, a survey carried out by recruitment firm Robert Half has suggested that two-thirds of firms have confirmed that they intend to employ a permanent member of staff to deal with this issue, whilst 64 per cent of firms intend to take on temporary staff to assist the business in transitioning to the new regime.
It has also been confirmed that, whilst the GDPR is EU legislation, British data protection laws will remain aligned with the new regulations after Brexit. In light of that, employers should be taking steps now to familiarise themselves with the GDPR and the more stringent rules that are going to apply, so that the risk of regulatory enforcement action can be minimised.

Helena Rozman

About Helena Rozman

Helena has experience in acting for both employees and employers covering both contentious and non-contentious work. Helena's experience includes defending Employment Tribunal claims and engaging in settlement negotiations; advising clients on complex disciplinary matters, exit strategies and large restructuring exercises, including TUPE and redundancy; co-ordinating and responding to data subject access requests; advising on the employment implications on business and asset purchases and outsourcing arrangements; project managing and advising clients on multi-jurisdictional projects with our international offices; drafting settlement agreements for exiting employees; advising on the employment aspects of corporate transactions and undertaking due diligence; and reviewing contracts, company handbooks and policies.
