GDPR: Next steps, post-enforcement
The 25th May 2018 is the day that the General Data Protection Regulation (“GDPR”), with its tightened rules around ‘consent’, came into force across the EU.
One of the reasons why the GDPR has caused such a stir, is that it not only creates tighter data protection obligations but the penalties for breaching the provisions have also been bolstered markedly.
The UK Information Commissioner, Elizabeth Denham, has made it clear that the regulator will not be seeking to punish businesses for minor transgressions immediately. Rather, she sees data protection as an evolutionary process where businesses that are moving towards compliance and raising the general standards of data protection will be treated sympathetically and with a proportionate response in the event of a breach of the rules.
If you are taking your GDPR obligations seriously and working towards compliance then you need not fear the regulator coming down on you. Those who are wilfully ignorant, deliberately disregarding or negligent of their data protection obligations however should feel slightly more uneasy.
If you, like many, are unsure of the steps to take towards compliance then the following check-list will assist:
- Consider and document your lawful grounds for processing personal data.
- Consider and update your privacy notices.
- Identify, draft and implement the necessary policies (both internally and externally).
- Review your data processing agreements.
- Establish a lawful gateway for international data transfers.
- Develop mandatory breach notification procedures.
- Develop procedures to observe new and enhanced individual’s rights.
- Designate a privacy officer / data protection officer.
- Maintain adequate records.
- Contact a legal professional to review your GDPR compliance.
Events series: Spotlight on GDPR
We are running a series of events during 2018 to help our clients better understand particular issues under the GDPR. The first, 'Dealing with subject access and other subject rights' is scheduled for 3 July 2018. Please email our events team if you are interested in attending this seminar.
For more information, please contact Jonathan McDonald or Harry Taylor.
Our thinking
Marc-Us Ong
Data Protection: All roads lead back to the GDPR
Across the globe, jurisdictions continue to develop their data protection and privacy laws.
Georgia Sutton
Music to our ears? Well, perhaps not for Apple.
A feud first began when the music streaming giant, Spotify, filed a complaint against music streaming provide rand competitor, Apple Inc.
Emma Humphreys
Risk allocation in commercial leases: the High Court considers rent suspension, insurance and frustration arguments
Read our summary of the full judgement on the latest Covid arrears case.
Paul Stone
Competition and Markets Authority announces review of the EU vertical agreements block exemption
The UK Competition and Markets Authority is reviewing the future application of the EU vertical agreements block exemption in the UK.
Anna Rogers
Playing Copycat – Why have M&S begun legal action against Aldi over Colin the Caterpillar?
M&S’s chocolate caterpillar was the first of its kind to land on our supermarket shelves, over 30 years ago.
Caroline Swain
Building Back Better: Real Estate and Restructuring
How and why should hospitality businesses re-structure post pandemic?
ESG – Searching for substance behind the acronym
ESG is an acronym much used but perhaps less understood.
Paul Stone
Focus Antitrust - 21 April 2021
This week's competition update.
Daniel McDonagh
Burn After Redditting – Scottish Court of Session Lays Down Marker for Online Copyright Protection
Sky UK Ltd have successfully obtained interim protection from infringement of their broadcast rights through links posted on Reddit.
David Coates
Charles Russell Speechlys advises shareholders of Modern Networks on sale to Horizon Capital
Modern Networks is a leading provider of IT support, broadband and telecoms managed services to the UK’s commercial property sector.
Paul Henty
Paul Henty writes for New Law Journal on the often-painful experience of tackling rules of origin post-Brexit
Defining provenance post-Brexit: Paul Henty charts the often-painful experience of tackling rules of origin.
Paul Stone
Focus Antitrust - 14 April 2021
This week's competition update.
Paul Stone
Focus Antitrust - 7 April 2021
This week's competition update.
Rahim Hirji
No ticket, no merger: Viagogo and StubHub are one step closer to merging but must satisfy the CMA’s conditions
The £3.2bn acquisition of online ticketing company Stubhub by one of its competitors, Viagogo is one step closer to being finalised.
Paul Henty
Client alert: Construction under competition law spotlight
We outline the three investigations which have either recently concluded or are ongoing together with what this means for businesses.
Paul Stone
Focus Antitrust - 31 March 2021
This week's competition update.
Mark Bailey
CIS General Insurance Limited v IBM United Kingdom Limited - An analysis
Slow and chaotic – lessons from a digital transformation disaster in CIS General Insurance Limited v IBM United Kingdom Limited.
Paul Stone
Focus Antitrust - 24 March 2021
This week's competition update.
Adrian Mayer
Charles Russell Speechlys, Strategic Partners of the Asoko Insight West Africa's Family-Owned Business Report
The report is the most comprehensive study of Family-Owned Businesses throughout West Africa.
Anna Sowerby
Can linking to copyright material be restricted? Yes - clarity at last.
The Court of Justice of the European Union held that a copyright owner could indeed restrict linking to material.