- A Surge in Requests for Advice on GDPR Says Firm
Blandy & Blandy LLP has experienced a surge in requests for advice in relation to the new General Data Protection Regulation (GDPR), which came into effect on 25 May.
“Since the turn of the year we have seen a sharp spike in work relating to GDPR and data protection,” said Debbie Brett, a partner in the firm’s Corporate and Commercial team.
“Despite the significant longer term media attention that GDPR has received, formal guidance from the Information Commissioner's Office came later and many organisations have either felt unsure or been slow to act.”
The firm’s Employment law team has also been busy advising HR professionals, business owners and directors on relevant matters arising from the regulation and its impact on employment practices.
Latest predictions from the Federation of Small Businesses suggest that 5.7 million small businesses’ policies and processes may not be GDPR compliant. Information Commissioner Elizabeth Denham reiterated this week that organisations have had two years to prepare.
Brett explained: “The GDPR aims to harmonise European data protection laws, which makes it easier for EU citizens to understand how their data is being processed and raise any complaints. GDPR covers all ‘personal data’ held and/or processed by a data controller. It retains the core rules and principles of the Data Protection Act 1998 (DPA) - for example, fair and lawful processing and data minimisation.
Processing data is no longer as simple as it once was. We all provide data for many reasons in our everyday personal and professional lives and it becomes available across the world instantaneously and no longer respects national boundaries. Legislation needed to be updated to manage how this data is processed.”
Organisations who fail to comply with the GDPR can face a fine of up to €20 million or four per cent of global turnover.
According to Brett organisations are advised “not to panic” and to seek advice. The Information Commissioner's Office has intimated that its focus will be on large organisations, particularly those who "deliberately, persistently or negligently misuse data”.
For further information or legal advice, please contact Debbie Brett.
This article is intended for the use of clients and other interested parties. The information contained in it is believed to be correct at the date of publication, but it is necessarily of a brief and general nature and should not be relied upon as a substitute for specific professional advice.