data protection
Digital Lockdown & Heavy Fines as Data Protection is Overhauled
General Data Protection Regulation (GDPR)
A concerning number of individuals and companies are still unaware of the looming changes to data protection laws throughout the European Union and the United Kingdom (regardless of BREXIT). As of the 25th of May 2018 everyone must strictly comply with the new regulations or face significant fines. The most crucial changes to be initially aware of are:
Heavy Penalties
Any company or organisation found to be in breach of the GDPR will be liable to a fine of up to 20 Million Euros or 4% of their annual global turnover, whichever is the greater. For companies such as Google this means fines up to 35 Million USD. For your average high-street business then technically fines are imposable up to 20 million euros. Now there is a tiered approach to fines but it is still significant for small businesses. By example simply not having data records in line with the requirements triggers a 2% of turnover fine. A startling change.
The Flipping of Consent
Long terms and conditions, illegible language, jargon and ‘legalese’ are gone. Any requests for personal data and its use, storage and passing on must be clear and obvious and must now clearly state the purpose for holding the data. More crucially ‘opting out’ of marketing is no longer allowed. Unless an individual positively ‘opts in’ then an offence is committed. The situation is even worse for those companies with mines of data, marketing address and mail outs. Unless ‘opt in’ can already be proven every single individual must be contacted and actively opt in to receiving future communications.
Notice of Breach
One of the most simple, but strict changes. If a breach of the regulations occurs then you have only 72 hours to fully notify the relevant body. The time limit starts from the moment you are reasonably expected to know about the breach. Further, you must also notify every single individual that may be affected without undue delay.
The Extension of Scope
Companies that have offshore registrations, investments or dealings will now, at all times, be caught by Data Protection. The new legislation is ‘extra-territorially applicable’ meaning that if you conduct any processing of any data that relates to any individual in any European Member State you are bound under the GDPR regardless of the registered nationality, location or dealings of your company.
Data Protection Officers
Any companies or individuals who regularly handle large amounts of data, whose core activities consist of processing personal data or such like must have an independent DPO reporting straight to the highest level of management. In a positive change, record keeping will become an internal matter but may be inspected at any time.
Enshrined Rights For ALL Individuals:
A Right To Access All Personal Data:
The right to know what data is held about you, why it is held, for what purpose it is being used. Further, for copies of all data to be provided, free of charge, in an electronic format.
The Right To Be Forgotten:
To have all personal data permanently erased. To stop any further use of personal data and to potentially halt all processing by third parties. However, this does not outweigh any public interest in retaining data such as criminal records, debts etc. There are complex rules to consider.
A Right To Data Portability:
The right to receive all of your personal data, in a standard computer format commonly used by the wider public. Further, the right to have that data transmitted to another company or controller at will.
This is only a very basic summary of the 88 page, 99 Articled Regulation from the European Union. Small to medium businesses are expected to take 6-8 months on average to be able to fully comply with the regulation. Larger companies can expect the process to take in excess of a year. Owing to our modern, data driven society this posses a significant problem and potential threat to business owners.
Here at the Commercial Law Practice we provide a personal, all encompassing view . Our aim is to provide you and your business with the practical and professional advice that you need and deserve.
Law But Differently.
