GDPR: Next steps, post-enforcement
The 25th May 2018 is the day that the General Data Protection Regulation (“GDPR”), with its tightened rules around ‘consent’, came into force across the EU.
One of the reasons why the GDPR has caused such a stir, is that it not only creates tighter data protection obligations but the penalties for breaching the provisions have also been bolstered markedly.
The UK Information Commissioner, Elizabeth Denham, has made it clear that the regulator will not be seeking to punish businesses for minor transgressions immediately. Rather, she sees data protection as an evolutionary process where businesses that are moving towards compliance and raising the general standards of data protection will be treated sympathetically and with a proportionate response in the event of a breach of the rules.
If you are taking your GDPR obligations seriously and working towards compliance then you need not fear the regulator coming down on you. Those who are wilfully ignorant, deliberately disregarding or negligent of their data protection obligations however should feel slightly more uneasy.
If you, like many, are unsure of the steps to take towards compliance then the following check-list will assist:
- Consider and document your lawful grounds for processing personal data.
- Consider and update your privacy notices.
- Identify, draft and implement the necessary policies (both internally and externally).
- Review your data processing agreements.
- Establish a lawful gateway for international data transfers.
- Develop mandatory breach notification procedures.
- Develop procedures to observe new and enhanced individual’s rights.
- Designate a privacy officer / data protection officer.
- Maintain adequate records.
- Contact a legal professional to review your GDPR compliance.
Events series: Spotlight on GDPR
We are running a series of events during 2018 to help our clients better understand particular issues under the GDPR. The first, 'Dealing with subject access and other subject rights' is scheduled for 3 July 2018. Please email our events team if you are interested in attending this seminar.
For more information, please contact Jonathan McDonald or Harry Taylor.
Our thinking
Fiona Edmond
Fiona Edmond and Mark Smith write for Property Week on data centres as an infrastructure asset class
The complexity of operational issues is something those new to the sector may not anticipate and interest is likely to increase.
Mark Howard
Charles Russell Speechlys advises discoverIE on its acquisition of Antenova
discoverIE is a leading international designer, manufacturer and supplier of customised electronics to industry.
Emma Humphreys
Coded messages for landlords and tenants
“What does the code of practice mean for landlords and tenants? Read more here”
Gareth Mills
Gareth Mills writes for Lexology Getting The Deal Through on technology disputes in Bahrain
The most common disputes occur following perceived or actual failures to deliver required technology services an lack of clarity.
Mark Howard
Charles Russell Speechlys advises Acora on acquisition of Westgate IT
Westgate IT specialises in providing IT support to businesses in the South West.
Jason Saiban
Jason Saiban writes for Food Manufacture on the food industry's climate change challenge
The key challenge will be how the environmental targets are actually met.
Grab the tail by the horns - Why is tail spend so critical in today’s outsourced portfolio?
It’s usually invisible, but in all likelihood, you’ve got tail spend.
Olivia Crane
Olivia Crane writes for The Grocer on the importance of robust data protection policies for checkout-less stores
The ‘personal data footprint’ created by this type of service and technology isn’t something that should be overlooked.
Rebecca Burford
Charles Russell Speechlys advises Appital Ltd on £2.5m Investment led by Frontline Ventures
Appital is an Equity Capital Marketplace which aims to bring innovation to Equity Capital Markets.
Mark Hill
Mark Hill writes for In-House Community Magazine on solutions templating, a new priority for in-house legal teams
Removing the burden from legal teams, contract managers and administrators.
Adrian Mayer
Charles Russell Speechlys advises Metier on US$39m investment into Africa Mobile Networks
AMN builds, owns, operates and maintains mobile network infrastructure in Africa.
Olivia Crane
Olivia Crane quoted by SoGlos on the increasing issue of cyber fraud being faced by businesses in Gloucestershire
Cyber fraud has cost Gloucestershire businesses around £369,800 in the last 13 months.
Richard Davies
Tattoos, athletes and image rights
Campaigns featuring athletes often include visible tattoos and a number of recent legal cases demonstrate the issues that may arise.
Daniel McDonagh
Blue Sky Linking
Daniel looks at Sky's recent success in obtaining interim protection from infringement of their broadcast rights
Sonia Kenawy
The regulation of big tech: a changing tide?
Sonia takes a look at the two main areas where the UK is increasing the regulation of Big Tech in 2021
Daniel McDonagh
Don’t Gamble on Bingo Ads, Warns ASA
The ASA has issued a reminder to advertisers that bingo adverts will be treated as gambling ads for the purpose of standards regulation.
Marc-Us Ong
Recording Phone Calls: Don’t take Consent for Granted
What if an interviewee who is being called and interviewed “live” does not actually know he/she is on live television?
Nia John
Continuing Progress in the Sphere of Inclusive and Non-Discriminatory Advertising
The latest developments from the ASA, CAP and BCAP relating to the advertising regulators’ attempts to tackle discrimination in advertising.
eCommerce and the Post-Brexit State of Play
Key UK and EU legislation governing how online platforms deal with consumers and their business users.
Marc-Us Ong
Top 7 Data Protection Tips for Employers
Here are our top 7 data protection tips for employers.