The UK Government has committed to implementing new domestic legislation incorporating all GDPR requirements and ensuring that the UK’s data protection framework is “suitable for our new digital age”. The countdown to May 2018 has started and, irrespective of Brexit, businesses must now prepare to comply with a new data protection regime – there is much to do.
The EU Regulation and proposed reform is a response to advances in technology, the way business uses technology and data, and the consequential privacy risks for consumers and employees. GDPR and the proposed reform will represent the biggest shake-up in the data protection arena in 20 years, introducing stringent compliance requirements and tough penalties in the event of breach of data protection principles.
The Information Commissioner’s Office (ICO), the public body in the UK with responsibility for taking enforcement action in relation to data protection matters, has demonstrated an increased appetite for enforcement action under current laws, recently issuing significant fines and naming and shaming well-known charities (Oxfam, Cancer Research UK, British Legion) and other household names, such as Honda and Flybe.
From May 2018, the ICO’s enforcement powers will include powers to ban or suspend data processing, potentially at great cost and inconvenience, and the power to issue graduated fines for infringement up to EUR 20 million or 4% of global turnover, whichever is the higher. Under current laws, fines are capped at £500,000.
Individuals’ rights will also be bolstered by reform, with individuals being able to bring civil claims, either alone or as part of a class action, in the event of a data breach. Under current laws, individuals cannot bring standalone claims for distress or hurt feelings and so claims are rare – this will change from May 2018.
The biggest challenge for businesses will be updating their approach to data protection compliance to take account of the more stringent regime and to avoid enforcement action, fines and reputational damage. Legal reform and GDPR should also be seen as an opportunity for businesses to secure a competitive edge by demonstrating intelligent data handling and protection to match future consumer expectations.
Businesses (large and small) cannot afford to ignore data protection reform or delay taking steps to ensure compliance. Myerson can provide straightforward and practical advice and support to ensure that your business is ready to comply in time.