Chat with us, powered by LiveChat
31 Mar 18
General Data Protection Regulations (GDPR)

There has been a lot of information regarding the deadline of 25th May 2018 which is the date that the General Data Protection Regulations (GDPR), come into force.  This will be a substantial change to the current data protection legislation and it would be wise not to regard matters as business as usual. 

The GDPR will impose major changes which include:

  • Individuals having greater control over their personal data including the ‘right to be forgotten’ and the right to have their data transferred;
  • In certain circumstances an organisation will have to appoint a data protection officer;
  • Organisations will have to report breaches to the Information Commissioner’s Office (ICO) within 72 hours;
  • There will be much stricter rules on obtaining individual’s consent on how their personal data can be used, including use for marketing; and
  • Higher penalties will be imposed on organisations who breach data protection regulations.

Many organisations are already working to accommodate the changes but there is still a substantial number who are not turning their attention to GDPR.  It is important to, at least, make a start on implementing the necessary changes now, even if these are not completed before the deadline.  This will demonstrate to the ICO, should a breach occur, that you are taking the regulations seriously and may well reduce any possible penalty.  It can also minimise the risk of a breach happening in the first place.

There needs to be an administrative as well as a legal approach to complying with GDPR.  Some of the matters an organisation may want to consider are:

Understanding what personal data is held by the organisation and how it is used within the organisation;

  • Allocating responsibility within the organisation for the implementation and safeguarding of personal data;
  • Cleansing an organisation’s existing personal data to remove any excess data with no legitimate reason for holding on to it;
  • Having proper systems in place for safeguarding personal data and for reporting breaches to the ICO;
  • Ensuring a commitment from senior management and training of staff on the new GDPR;
  • Reviewing the internal privacy policy and the privacy and cookies policy on the website (external policy); and
  • Reviewing an organisation’s legal agreements with other entities to ensure there are proper provisions for safeguarding and dealing with personal data.

The above are just some of the considerations which an organisation should be turning its attention to from now.  You may want to engage external advisors with GDPR knowledge to help you navigate this fairly complex area of law.

This article is for general information purposes only and does not constitute legal or professional advice. For more information contact Watkins & Gunn Solicitors on 01633 262122 or visit to our website www.watkinsandgunn.co.uk

Contact us today 0300 1240 400
Related Stories
29 Feb
Look Behind the Headlines
07 Feb
Proposed changes to Inheritance Tax to benefit siblings 
07 Feb
Who inherits my estate if I die without making a Will? 
Directors
Clive Thomas
Jonathan Wellington
Sophie Hughes
Lisa Guscott
Kate Roberts
Lucy O'Brien
Offices
Cardiff
Newport
Pontypool

Watkins & Gunn is the trading name of Watkins & Gunn Ltd a company registered in England & Wales.

Registered office address: Glantorfaen House, Hanbury Road, Pontypool, NP4 6XY
Company Registration No. – 13198809 | VAT No – 134778838
Authorised & Regulated by the Solicitors Regulation Authority
SRA No. 820245 www.sra.org.uk

Designed & Developed by Spindogs