General Data Protection Regulation Clinic
The GDPR will apply in the UK from 25 May 2018 and the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of these regulations.
Gilson Gray LLP, will take us through this topic and answer any questions you have.
A firm grasp of the upcoming General Data Protection Regulation (GDPR) is an essential requirement for any organisation that deals with personal data. The GDPR represents the most significant change in data protection legislation in the United Kingdom and the EU and affects organisations at all levels. Don’t get caught out!
The Regulation is a new data protection regime that comes into effect next May. You must operate a centralised data protection collection and processing system. A breach of the Regulation can lead to a significant fine, with the maximum being €20m (around forty times the current maximum of £500,000) or 4% of global turnover, if more. The Information Commissioner’s Office, who will enforce the Regulation, have made it clear they are likely to take a zero-tolerance approach, and will “name and shame” those who get it wrong.
You will be expected to demonstrate on demand:
• appropriate security measures for the protection of personal data;
• compliance with the Regulation’s expanded definition of “consent” when collecting personal data;
• centralised policies and procedures for obtaining, processing and securely destroying personal data;
• an annual data protection impact assessment;
• full preparation for subject access requests, or ICO investigations.
THERE IS NO EXCUSE FOR NON-COMPLIANCE AFTER MAY 2018 and the Regulation is compulsory.