Solicitors warn businesses to prepare now for new data protection laws or face crippling fines

05/09/2017


Businesses are being urged to take steps now to meet new data protection laws or face huge fines from May 2018.


GDPR Compliance is Compulsory

Non-compliance is not an option.

Yet according to Camille Renaudon, a partner and employment law specialist at Cheshire-based Hibberts Solicitors, many companies remain completely unaware of the changes.


The General Data Protection Regulation (GDPR) comes into law across EU member states from May 2018, and is set to profoundly alter the way all business owners manage their customer and employee data.


Businesses not Aware

Camille said:

“Lots of my business clients, both small and medium sized, aren’t aware yet of the GDPR as there’s not been a lot of coverage in the mainstream media about it.

But it’s a major piece of legislation which will hit them hardest, as fines are up to four per cent of annual turnover or 20 million Euros – whichever is higher.

The new regulations are far reaching and extend into many facets of the business, from what your contracts say about how you store and process personal information about your employees, to how long you have to respond to data requests and whether your suppliers are compliant.”


A Real Change in Culture

“Many of the regulations are already covered by the UK's Data Protection Act, but moving forward there are going to be some significant changes that could have a huge effect on companies.

At the moment data protection is treated as a bit of a tick-box exercise by companies, but these regulations strengthen the rules and will bring a real change in culture.

Data will become a top priority as non-compliance is not an option with such huge fines.”


Brexit does not change the regulations

Although the GDPR applies to data processing carried out by organisations operating within the EU, it also applies to organisations outside the EU offering goods or services within the EU or those monitoring behaviour of data subjects within the EU.


The GDPR will replace the UK's Data Protection Act 1998 from 25 May 2018 and the government has confirmed that the UK's decision to leave the EU will not change this.

Things employers need to start doing immediately include a data mapping exercise to look at their IT processes, and to review their commercial contracts externally as well as internally.


Camille added:

“It’s also important to include HR in this process as you look at reviewing your own policies and procedures, and ensure any staff responsible for those are given necessary training and guidance.

The responsibility, however, sits with the business, which is why it’s so important for everyone to understand how this affects your internal processes.”


Five things employers need to do now:


Review your employment documents including contracts and handbooks and update them on the processing of personal data.


Review your supplier contracts to ensure they have data protection provisions and update them to meet the new requirements of the GDPR.


Look at your current HR activities and spot the gaps, then take legal advice as to where new procedures are needed.


Consider staff training in the new rules over the upcoming year.


Designate someone to take responsibility for data protection compliance and consider whether you need to formally designate a Data Protection Officer.


Any businesses interested in more information or support with complying with the General Data Protection Regulation (GDPR) can contact Hibberts Solicitors by visiting www.hibberts.com

Camille Renaudon