New stricter EU-wide data protection legislation
The current UK Data Protection Act (dating back to 1998) is due to be swept away and replaced with a European Union-wide standard which will come into force in May 2018. UK business has 2 years to get itself ready (irrespective of the Brexit decision). Most, if not all, of you and your clients or customers will be affected by this new law.
The precise details of the law (called the “General Data Protection Regulation”) are due to be announced today. However, the following have been heavily trailed:
- Fines of up to 4% of global turnover or 20 million euros (whichever is the greater) for failure to comply with the new law
- Notification of data breaches to the ICO and, in certain cases, to affected individuals will become mandatory
- Data processors will have direct liability under the new law (and will therefore potentially be subject to the fines)
- Enhanced rights for individuals
- Many organisations will be required to appoint a data protection officer (this will include SMEs where they are “personal data” heavy)
What should you do now?
As mentioned, you will have 2 years to get ready for this major change – ClaydenLaw will be providing further updates and practical compliance toolkits for our clients. We also plan to provide webinars to help businesses get ready for the change. But please let us know if you would like us to deliver any update seminars directly in-house to any of your teams, or you would like us to provide a speaker at any events with which you might be involved.