What is GDPR?
Why is everyone talking about GDPR?
For those who think the Right to Erasure is about an entitlement to reminisce with some ‘80s synth-pop (which I agree is no bad thing), it is time to wake up to the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018 and which affects just about every business in the UK (regardless of Brexit). It is a complete overhaul of our data protection laws and impacts every business which holds or processes the personal data of others – so that is just about every business, unless your business doesn’t have employees, suppliers or customers!
The Information Commissioner’s Office (ICO), which is responsible for enforcement of data protection in the UK, has advised businesses that they need to prepare. But a number of businesses have not put in place adequate safeguards and transitional arrangements, and as a result they are woefully under-prepared. For many businesses, a significant restructuring will be required in order to be GDPR-ready.
How severe are the fines?
Once the GDPR is implemented, the capacity of the ICO to issue fines will be dramatically increased. The ICO is currently able to fine businesses only up to £500,000 for serious breaches; this will increase to approximately £17.5m (€20m) or 4% of total worldwide annual group turnover (whichever is higher), and for less serious breaches the expectation is that the fine would be €10m or 2% of total worldwide annual group turnover (whichever is higher). The ICO has confirmed that there will be no “soft” launch; businesses are expected to be fully compliant by 25 May 2018.
To be unprepared is to potentially face:
- Prosecution or regulatory enforcement, resulting in substantial penalties (as above).
- Adverse publicity, reputational damage and a loss of customer trust.
- Missed opportunities and wasted resources.
- Sanctions in jurisdictions other than the UK.
- Increased scrutiny from data protection authorities.
- Civil liability or punitive damages for employment related breaches.
- Criminal liability for directors and senior managers, which could result in imprisonment and substantial personal penalties.
- Critical system delays and failures.
- Orders issued by the ICO that impact business, and we note that the ICO can use investigative powers to carry out audits and demand information be disclosed, and to access a business’ premises.
- Impact on business continuity.
- Becoming embroiled in litigation and its attendant time, effort and expense.
What’s driving this change?
The aim behind the implementation of the GDPR is sensible; it is to avoid, amongst other things, identity theft, credit card fraud, and failure to comply with privacy policies which may lead to theft and deception. The abuse of health data, financial data, or child data can have an adverse impact on insurance, credit, jobs or parental control.
A customer has a fundamental right in the UK to have their personal data protected and it may only be processed (that is, obtained, recorded, held, used or disclosed) under certain circumstances. This will obviously have a wide impact on your business.
What will you need to review?
A well-constructed and comprehensive programme of GDPR analysis and implementation, for your business, can provide a solution to these various competing interests and represents an effective risk management tool.
In particular, the business will need to carefully review existing procedures for obtaining an individual’s consent to process their personal data. This is more than a tick-box exercise; you must be specific in explaining to the individual (whether they are an employee, contractor, supplier, or other) what personal data you intend to hold, for what specific purpose, and for how long (to include explaining how they may demand such data be erased in the future) – the individual must make an informed affirmative decision to allow you to hold and use such data.
Where should the action you take lead you?
The business must be in a position at all times to respond quickly to any data subject’s request, and this is likely to require substantial modification to the business’ technological infrastructure and organisational processes. The staff handbook may be amended in relation to employee monitoring, and a written and comprehensive information security programme will be needed to protect the security, confidentiality and the integrity of personal data held. It should set out action plans for security breach, disaster recovery, and data restoration. The business will also be required to implement privacy impact assessments before carrying out any processing that uses new technologies, and that is likely to result in a risk to data subjects. The business must notify the ICO of all data breaches within 72 hours, and the business will therefore need to look carefully at its data breach response plans and procedures.
The above represents a short synopsis of the requirements of the GDPR, and there are many more that are not included and which are equally important. Preparing for compliance will clearly need considerable planning across the business and you may well want to take some professional advice.
What’s the best way to prepare to become compliant?
We recommend your business carries out regular training and reviews of its policies. But first it needs to be in a position to understand the threats and the risks, and what steps it needs to take in a specific, rather than a general, sense. We recommend that, at Board level, the GDPR is properly understood, which is going to involve owners and directors doing their own homework on the regulations, and then drafting the necessary documents and procedures for the business to follow, or undertaking the same exercise by working closely with trusted advisors. Beware the emergence of the “GDPR Consultant” who claims to be able to “do your GDPR” for you; some will know what they are doing and others won’t, but either way, when they move on, it will be your responsibility to ensure your business going forward is run in a GDPR compliant way.
At Giles Wilson, we can advise and assist you through the process. Please contact Philip Giles on 01702 477106 or email philip@gileswilson.co.uk for more information.