Data Protection Compliance: New Rights. New Responsibilities. New Obligations.

Published: 08/01/18 - Country: United Kingdom

In May 2018 a new law will come into force which fundamentally affects the way that you use data to market, provide services and run your business.

Amongst many things, the new laws will require you to:

  • Notify the Information Commissioner’s Office and the person concerned in the event of a data breach within 72 hours.
  • Review and/or revise your justification(s) for collecting and using data; and make it as easy to withdraw consent as it is to give it.
  • Modify your consent processes to ensure compliance with the law, to include your I.T. and cookie policies.
  • Engage ‘fair processing’ notices throughout in order to warn people how their data will be gathered and used.
  • Conduct a root and branch audit of your data processing and conduct Privacy Impact Assessments where appropriate.
  • Implement ‘privacy by design and default’ in relation to the way you collect and use data.
  • Action and facilitate the ‘right to be forgotten’.
  • Service subject access requests much more quickly.
  • Train your staff properly on all the key stages.

This will require considerable advance preparation.

The price of non-compliance could be up to 2-4% of global turnover in fines depending on how severe the data breach is and what efforts you made to comply with the law in the first place.

How we can help your business

  • Properly document your top-down compliance directives.
  • Produce GAP analyses, implement legally compliant risk assessments and initiate roll-out programmes designed to: minimise the risk of regulatory breach; help organise the implementation of ‘privacy by design’; educate and train employees and participants in order to achieve a culture of compliance.
  • Draft appropriate codes of conduct, amend contracts of employment and employee handbooks and update induction processes.
  • Ensure compliance with requests made pursuant to statutory processes.
  • Amend client/supplier Terms & Conditions to shield the Company against liability for a data breach.
  • Produce a bespoke data-breach response pack to facilitate the ability to notify third parties within the required 72-hour window.

And all for a fixed fee package.

Find out more and get a free 60-minute workshop

Our GDPR experts will deliver an hour-long workshop at your workplace, allowing your business to understand the issues and what you have to do next. If you would like to take advantage of our limited-time Free Workshop offer, complete the form below and a solicitor from our Data Protection Compliance team will respond shortly.

You can also receive a copy of our free PDF Briefing on the new GDPR for Directors and Managers.

*Workshops only available for offices located in the Greater London area.

Request a free copy of "Briefing on the new GDPR for Directors and Managers"


Andrew Humphrey is a senior associate at Bishop & Sewell LLP, and leads the Employment and Business Regulations team. Andrew has advised app developers, e-advertising agencies and social media start-ups on how to navigate current data legislation, and the new GDPR. He is also the director of his own tech company. He writes on data protection issues and has been published in Mondaq. He has also explored the changes that regulated industries need to make to adapt to the new data landscape. Andrew also works internationally on data issues.