GDPR: Next steps, post-enforcement
The 25th May 2018 is the day that the General Data Protection Regulation (“GDPR”), with its tightened rules around ‘consent’, came into force across the EU.
One of the reasons why the GDPR has caused such a stir, is that it not only creates tighter data protection obligations but the penalties for breaching the provisions have also been bolstered markedly.
The UK Information Commissioner, Elizabeth Denham, has made it clear that the regulator will not be seeking to punish businesses for minor transgressions immediately. Rather, she sees data protection as an evolutionary process where businesses that are moving towards compliance and raising the general standards of data protection will be treated sympathetically and with a proportionate response in the event of a breach of the rules.
If you are taking your GDPR obligations seriously and working towards compliance then you need not fear the regulator coming down on you. Those who are wilfully ignorant, deliberately disregarding or negligent of their data protection obligations however should feel slightly more uneasy.
If you, like many, are unsure of the steps to take towards compliance then the following check-list will assist:
- Consider and document your lawful grounds for processing personal data.
- Consider and update your privacy notices.
- Identify, draft and implement the necessary policies (both internally and externally).
- Review your data processing agreements.
- Establish a lawful gateway for international data transfers.
- Develop mandatory breach notification procedures.
- Develop procedures to observe new and enhanced individual’s rights.
- Designate a privacy officer / data protection officer.
- Maintain adequate records.
- Contact a legal professional to review your GDPR compliance.
Events series: Spotlight on GDPR
We are running a series of events during 2018 to help our clients better understand particular issues under the GDPR. The first, 'Dealing with subject access and other subject rights' is scheduled for 3 July 2018. Please email our events team if you are interested in attending this seminar.
For more information, please contact Jonathan McDonald or Harry Taylor.
Our thinking
Pei Li Kew
Pei Li Kew writes for Pharmacy Business on the link between pharmacy and IP
Pei Li Kew writes for Pharmacy Business on the link between pharmacy and IP
Mark Howard
Charles Russell Speechlys advises Acora on its acquisition of Secrutiny
Charles Russell Speechlys advises Acora on its acquisition of Secrutiny
Jonathan McDonald
Jonathan McDonald provides comment for City AM on the Data Reform Bill announced in the Queen's Speech
Jonathan McDonald provides comment for City AM on the Data Reform Bill announced in the Queen's Speech
Nick White
Charles Russell Speechlys advises Symphony Holdings Limited on the sale of its PONY trade mark portfolio for USD $28 million
Charles Russell Speechlys advises Symphony Holdings Limited on the sale of its PONY trade mark portfolio for USD $28 million.
Simon Ridpath
Simon Ridpath featured in the Lawyer’s Hot 100 list
Simon Ridpath features in The Lawyer’s Hot 100 list
Natalie Batra
Patents and Peppa Pig: What is happening to intellectual property rights in Russia?
Certain Russian individuals and businesses can now use patents, utility models and industrial designs without obtaining prior permission.
Simon Green
International Bar Association quotes Simon Green on the future of the legal sector in Hong Kong
International Bar Association quote Simon Green on the future of Hong Kong's legal sector
Charlotte Duly
Charlotte Duly quoted in Retail Gazette on House of Zana trademark dispute
Charlotte Duly quoted in Retail Gazette on House of Zana trademark dispute
Keir Gordon
Charles Russell Speechlys celebrates this year’s Sports Technology Awards finalists
The Sports Technology Awards celebrates tech-led innovation in sports, globally.
Mark Hill
Mark Hill quoted in The Times on the Ed Sheeran High Court copyright case win
Mark Hill quoted in The Times on the Ed Sheeran High Court copyright case win
Caroline Greenwell
Nowhere to hide for greenwashing brands
In the UK, regulators are cracking down, with many companies now at risk of financial and other penalties.
Jamie Cartwright
Weighing up the Plastic Packaging Tax
The Plastic Packaging Tax came into force on 1 April 2022.
Jamie Cartwright
Crunching numbers - Mandatory calorie laws come into force
The Calorie Labelling (Out of Home Sector) (England) Regulations 2021 (the Regulations) are now in force.
Mark Hill
Mark Hill quoted in the Daily Mail discussing Ed Sheeran’s copyright court case win
Mark Hill quoted in the Daily Mail discussing Ed Sheeran’s copyright court case win
Jamie Cartwright
Jamie Cartwright comments on the potential impact of the plastic packaging tax
Jamie Cartwright comments on the potential impact of the plastic packaging tax
Jody MacDonald
Liverpool FC’s Hero Club and the current state of play with football NFTs
Liverpool’s Hero Club hit the headlines this week and serves as an interesting reflection of the current state of play.
Rachel Bell
Rachel Bell commented in IT Pro on the implications of the proposed EU’s Digital Markets Act
The proposed EU’s Digital Markets Act is set to require larger messaging platforms to interoperate with their smaller rivals.
Sonia Kenawy
Claimant ordered to pay security for costs in cryptocurrency dispute and digital assets rejected as form of security
Proceedings that are sure to be watched closely by the cryptocurrency community as well as legal practitioners.
Stewart Hey
Freezing Orders: Policing the Nuclear Option (PT 2)
Looking at the impact these checks and balances have when it comes to drafting and construing the terms of the order.
Stewart Hey
Freezing Orders: Policing the Nuclear Option
This article considered some of the checks and balances that apply when seeking access to one of the law’s most potent weapons.