General Data Protection Regulation (GDPR) and Data Protection Reform

Reform is a response to advances in technology, the way business uses technology and data and the consequential privacy risks for consumers and employees.  GDPR represents the biggest shake up in the data protection arena in 20 years, introducing stringent compliance requirements and tough penalties in the event of breach of data protection principles.

The Information Commissioner’s Office (ICO), the public body in the UK with responsibility for taking enforcement action in relation to data protection matters, has demonstrated an increased appetite for enforcement action under current laws, recently issuing significant fines and naming and shaming well-known charities (Oxfam, Cancer Research UK, British Legion) and other household names, such as Honda and Flybe.

The ICO’s enforcement powers include powers to ban or suspend data processing, potentially at great cost and inconvenience, and the power to issue graduated fines for infringement up to EUR 20million or 4% of global turnover, whichever is the higher.  Under current laws fines are capped at £500,000.

Individuals rights will also be bolstered by reform, with individuals being able to bring civil claims, either alone or as part of a class action, in the event of a data breach.  Under current laws individuals cannot bring standalone claims for distress or hurt feelings and so claims are rare – this will change from May 2018.

The biggest challenge for businesses will be updating their approach to data protection compliance to take account of the more stringent regime and to avoid enforcement action, fines and reputational damage.  Legal reform and GDPR should also be seen an opportunity for businesses to secure a competitive edge by demonstrating intelligent data handling and protection to match future consumer expectations.

Businesses (large and small) cannot afford to ignore data protection reform or delay taking steps to ensure compliance.  Myerson can provide straightforward and practical advice and support to ensure that your business is ready to comply in time.

Myerson has developed Data Protection Audit and Review - a tool to evaluate your data processing activity and review your current practices and procedures and their adequacy under the new regime.

Myerson has also developed a straightforward Data Protection Compliance Package designed to be tailored to your business, ensuring an intelligent and proportionate approach to data protection compliance. 

The UK Information Commissioner's Office issues on-going guidance on how UK businesses should comply with the new regime. Myerson, through its retainer-based Compliance Support programme, is committed to keeping you up to date on developments through regular updates and training.

Our retainer services also offer Helpline Advice to guide you through data protection issues such as Data Subject Access Requests, reporting of data breaches and requirements to complete Data Protection Impact Assessments.

We would be pleased to support you in achieving compliance with data protection principles.