From the very early days the team at Audley Clarke worked closely in the Claims Management space and advised on both the handling and usage of large amounts of personal data. With GDPR came the development of a specialist division within Audley Clarke, which has helped with the understanding and correct implementation of the GDPR.
GDPR – An Overview
The General Data Protection Regulation (GDPR) was adopted in 2016 and came into law with direct effect on 25 May 2018 and affects all organisations. It has replaced the Data Protection Act 1998. As GDPR is an EU regulation, and therefore legally binding in every member state, it seeks to ensure full and consistent compliance throughout the EU’s borders and, by updating the previous directive on personal data that was issued in 1995, it will bring data privacy into the digital world.
In the GDPR, the key definitions and the 8 data protection principles of the Data Protection Act 1998 are effectively preserved within 6 data protection principles. The role of the Information Commissioner’s Office (ICO) as the UK’s supervisory body for data protection matters will be enhanced and will remain central to the task of advising businesses and individuals on the new legislation and enforcing its provisions.
Key reforms include:
- A change in culture – you need to consider the data protection aspects of everything you do “by design” and “by default”.
- Compulsory notification of data security breaches to the Information Commissioner’s Office.
- Tighter rules relating to data subject consent and provision of privacy notices.
- Risks and liabilities are increased if you contract out to other parties any data processing activities.
- Financial and other penalties for not complying with the GDPR will be significantly greater.
Why did we need new legislation?
The growth of data technologies meant that the Data Protection Act 1998 was not keeping up with technology and was no longer sufficient to protect personal data. Technology developments that will involve new ways of processing personal data include social media, artificial intelligence, the “internet of things”, “big data” and also genetic/biometric data. More widespread abuses of personal data and well-publicised data security breaches have led to a growing public expectation of privacy.
There will be a greater compliance burden on businesses, which will need to put data protection compliance at the heart of all activities, including future ventures, by introducing “privacy by design and by default”. All data processing activities must take a risk-based approach backed by good compliance documentation. Data controllers will need to carry out Privacy Impact Assessments before implementing new technologies or data processing techniques. The ICO remains the supervisory authority for data protection, and you need to ensure that your fee renewal is up to date.
What can we do for you?
We can help businesses with their GDPR compliance requirements, including:
- Advice and assistance on the ICO data protection fee.
- Advice and assistance with GDPR audits.
- Ad hoc GDPR compliance advice on matters such as consents, legitimate interests, data sharing agreements, privacy impact assessments.
- Application of the Privacy Regulations to marketing campaigns.
- Assistance with investigations and proceedings brought by the Information Commissioner’s Office.
- Help with contract addendums relating to data processing by third parties and data security.
- Assessment of whether you have consent or other entitlement to deal with personal data.
The penalties for not complying with the GDPR can in some instances be incredibly severe. Don’t take the chance: get in touch with Audley Clarke today and find out how our experts can help you.