On 25 May 2018 all businesses in the UK will be subject to the new GDPR legislation. This legislation replaces the old Data Protection Act and will heighten the responsibilities of data controllers and processors as well as the rights of individuals. GDPR will apply to all businesses controlling and processing the personal data of individuals residing in the EU, even if the business is based outside the EU.
Fines for data breaches and non-compliance will be based on a two-tiered system:
- Breaches of the provisions deemed most important for data protection could lead to fines of up to €20m or 4% of global annual turnover, whichever is greater.
- For other breaches, the authorities could impose fines of up to €10m or 2% of global annual turnover, again whichever is greater.
Is your business compliant and can you prove it?
Under a new principle of accountability, businesses will need to review and change their consent processes, processing notices, policies and procedures to reflect the law under GDPR. It will no longer be enough to be compliant with data legislation; you will have to be able to demonstrate compliance with GDPR principles.
This article was written by Andrew Evans and Peter Budd, Partners at Gateley Plc, and Karen Anderson, Solicitor at Gateley Plc.