Preparing for the General Data Protection Regulation

From 25 May 2018, the General Data Protection Regulation (GDPR) will come into effect thereby replacing the Data Protection Directive 1995. The main goal of the GDPR is to harmonize data protection laws across European Union (EU) member states with a view to ensuring easier compliance from companies operating across the EU.

Even though the UK is currently engaging in negotiations to leave the EU, UK companies will still have to meet the obligations which the GDPR sets out. The Information Commissioner's Office (ICO) has made clear that even if the GDPR will cease to apply in the UK following Brexit it is likely that similar UK laws will be enacted. Thus, it will still be in the best interests of UK companies to maintain compliance with the GDPR. This will be even more pressing now as companies which fall short of GDPR obligations and standards could potentially face fines of up to 4% of their annual worldwide turnover for non-compliance with the Regulation.

UK companies should be considering developing a plan which will allow their internal data protection mechanisms to meet the GDPR standards before the Regulation comes into effect. It may be that their current protocols need only minor alterations to fit the new standards. However, companies should also look towards any proposed services and products which they may wish to offer in the future which could utilise personal data.

The ICO has published a document titled '12 steps to take now' which gives guidance on how to develop a plan to be ready for the implementation of the GDPR as well as which provisions of the Regulation will be prevalent to companies.

The transition period leading up to the application of the GDPR is a crucial time for UK companies to enact their own changes in preparation for the new legislative changes they must abide by.

If you have any questions on the above, please do not hesitate to contact the team at McDaniel & Co. on 0191 281 4000 or legal@mcdanielslaw.com.