Data Protection & GDPR
All businesses, whatever their size or sector, will need to review their data protection compliance sooner rather than later to prepare for the forthcoming General Data Protection Regulation (GDPR) and the replacement Data Protection Act, which will come into force in May 2018. These will modernise our data protection law and give the regulator, the Information Commissioner’s Office (ICO), enhanced and strengthened enforcement powers.
Currently the ICO has the power to issue businesses and organisations with a Civil Monetary Penalty (CMP) of up to £500,000 for breaches of the Data Protection Act 1998 that are likely to cause substantial damage or distress. Under GDPR those limits are much higher, up to a maximum of £17 million or 4% of turnover in worst-case scenarios, and fines are only one of a range of sanctions for non-compliance, which also includes corrective orders, reprimands and warnings.
Data subjects will also have the benefit of a wider range of rights under the GDPR, such as data portability, rights to restrict processing and the right to be forgotten, as well as more familiar rights such as claiming compensation for distress following a data breach.
There has never been a better time for businesses to review existing data protection policies and procedures to get as ready for the new regulatory landscape as they can be.
We can assist businesses and organisations by advising on the various obligations that are placed upon them, currently and in the future regime, which include:
- Advice on policies and procedures, such as reviewing privacy notices and procedures for dealing with data subjects’ rights, and how these may need to be updated for GDPR
- How to respond to Subject Access Requests and what to do if litigation is threatened – we have experience of dealing with contested and litigated SARs
- Advice on how to respond to data subjects’ complaints including dealing with claims for compensation for damage or distress
- Advice if the business suffers a security or other data protection breach – the requirement of self-reporting the incident to the ICO and advice during any subsequent ICO investigation and potential enforcement action, which might include the issuing of a Civil Monetary Penalty (CMP)
- Advice regarding appealing any of the formal notices issued by the ICO to the Information Rights Tribunal
Please call us on 0161 850 9911 to discuss your business or organisation’s data protection needs.