Partner Debbie Brett, in our Corporate & Commercial team, says that Blandy & Blandy has experienced a surge in requests for advice in relation to the new General Data Protection Regulation (GDPR), which came into effect on 25 May.
Since the turn of the year we have seen a sharp spike in work relating to GDPR and data protection.
Despite the significant longer term media attention that GDPR has received, formal guidance from the Information Commissioner's Office came later and many organisations have either felt unsure or been slow to act.
The firm’s Employment Law team has also been busy advising HR professionals, business owners and directors on relevant matters arising from the regulation and its impact on employment practices.
Latest predictions from the Federation of Small Businesses suggest that 5.7 million small businesses’ policies and processes may not be GDPR compliant. Information Commissioner Elizabeth Denham reiterated this week that organisations have had two years to prepare.
The GDPR aims to harmonise European data protection laws, which makes it easier for EU citizens to understand how their data is being processed and raise any complaints. GDPR covers all ‘personal data’ held and/or processed by a data controller. It retains the core rules and principles of the Data Protection Act 1998 (DPA) - for example, fair and lawful processing and data minimisation.
Processing data is no longer as simple as it once was. We all provide data for many reasons in our everyday personal and professional lives and it becomes available across the world instantaneously and no longer respects national boundaries. Legislation needed to be updated to manage how this data is processed.
Organisations who fail to comply with the GDPR can face a fine of up to €20 million or four per cent of global turnover.
Organisations are advised not to panic and to seek advice. The Information Commissioner's Office has intimated that its focus will be on large organisations, particularly those who deliberately, persistently or negligently misuse data.
For further information or legal advice, please contact firstname.lastname@example.org or call 0118 951 6800.
This article is intended for the use of clients and other interested parties. The information contained in it is believed to be correct at the date of publication, but it is necessarily of a brief and general nature and should not be relied upon as a substitute for specific professional advice.