25 May 2018

GDPR: Next steps, post-enforcement

The 25th May 2018 is the day that the General Data Protection Regulation (“GDPR”), with its tightened rules around ‘consent’, came into force across the EU.

One of the reasons why the GDPR has caused such a stir, is that it not only creates tighter data protection obligations but the penalties for breaching the provisions have also been bolstered markedly.

The UK Information Commissioner, Elizabeth Denham, has made it clear that the regulator will not be seeking to punish businesses for minor transgressions immediately. Rather, she sees data protection as an evolutionary process where businesses that are moving towards compliance and raising the general standards of data protection will be treated sympathetically and with a proportionate response in the event of a breach of the rules.

If you are taking your GDPR obligations seriously and working towards compliance then you need not fear the regulator coming down on you. Those who are wilfully ignorant, deliberately disregarding or negligent of their data protection obligations however should feel slightly more uneasy.

If you, like many, are unsure of the steps to take towards compliance then the following check-list will assist:

Consider and document your lawful grounds for processing personal data.
Consider and update your privacy notices.
Identify, draft and implement the necessary policies (both internally and externally).
Review your data processing agreements.
Establish a lawful gateway for international data transfers.
Develop mandatory breach notification procedures.
Develop procedures to observe new and enhanced individual’s rights.
Designate a privacy officer / data protection officer.
Maintain adequate records.
Contact a legal professional to review your GDPR compliance.

Events series: Spotlight on GDPR

We are running a series of events during 2018 to help our clients better understand particular issues under the GDPR. The first, 'Dealing with subject access and other subject rights' is scheduled for 3 July 2018. Please email our events team if you are interested in attending this seminar.

For more information, please contact Jonathan McDonald or Harry Taylor.

Enjoyed this article?

Subscribe to regular and topical Insights from our lawyers.

Insights Matthew Knowles 21 August, 2019

Premier League piracy predicament keeps us ‘hooked’

Commentary on the latest developments at the Premier League regarding piracy of live match content.

Insights Tessa Newman 14 August, 2019

Thumbs up – A company that embeds the Like button on its website can be considered a data controller jointly with Facebook

Companies that embed the Facebook “Like” button within their website pages can be considered as a joint data controller.

News 12 August, 2019

Charles Russell Speechlys advises Telecommunications Regulatory Authority of Bahrain on the formation of BNet BSC

The culmination of a ground-breaking three year project which will transform the telecommunications landscape of the Kingdom of Bahrain.

Insights Rachel Bell 12 August, 2019

Ofcom Consultation on the protection of TV and radio programme participants

Ofcom consults on proposed new broadcasting rules aimed at extending existing protections afforded to participants in TV and radio.

Our clients

Individuals and Families

Businesses

Major Corporates & Institutions

Browse our full range of sectors

Explore our News & Insights

Brexit: implications for you and your business

Insights