GDPR – 5 YEARS ON
Erika Moralez-Perez
CEO and General Counsel at Iconos Group - Commercial and Corporate Law - M & A - GDPR and Data Protection specialists
Much has happened since the EU published the General Data Protection Regulation (GDPR) in April 2018! It’s not even called that in the UK anymore!
Brexit, Covid and the Ukraine war have inflicted unprecedented disruptions on business, with many companies struggling to keep trading. In the circumstances, it would come as no surprise if businesses had prioritised pressing issues such as survival and risk management, putting data protection on the back burner.
However, they ignore data protection at their peril! What became enshrined in UK law as the Data Protection Act 2018 was deemed adequate and merged with the requirements of GDPR, forming a new, UK-specific data protection regime that works post Brexit.
The standards set by the EU have been adopted by the UK, with the ICO (Information Commissioner’s Office) taking over from the European Board as the enforcer and regulator of what is now known as UK GDPR.
The core GDPR principles remain unchanged, granting clear rights to individuals:
with sensitive personal data (health, race, religion…) requiring a higher level of protection.
In determining whether GDPR rules apply to them, businesses must not only assess their own processing but also consider activities processed on their behalf (payroll, outsourced contractors…). All businesses with a website collecting cookies need a Privacy Policy stating how the data is being used.
Businesses of all sizes need to be clear who fulfils the roles of Data Controller and Data Processor in their organisation (it can be the same entity), and should be clear about who within their organisation is responsible for data protection and, where necessary, appoint a Data Protection Officer to ensure the rules are adhered to, data is processed correctly, and data breaches (however small) are reported to the ICO.
As the UK is no longer an EU member state, new tools for data transfers have come into force, including:
Strict deadlines were set to update transfer mechanisms:
If you are transferring data outside of the UK, you must take action to review how you do this. The ICO is taking action to ensure organisations meet their information rights obligations and heavy fines have been issued – see ico.org.uk.
All organisations should review their data audit and data protection policies annually, and ensure their staff are fully trained as the ramifications impact on every aspect of the business. Inadvertent breaches can be costly, both in monetary and reputation terms.
Please contact me with any questions on [email protected] or at 020 4539 5800.
Erika Moralez-Perez
Commercial Lawyer and CEO
Business Development & Executive Assistant to CEO
1 year ago: Big or small you definitely ignore at your peril Erika Moralez-Perez!
Consultant Solicitor freelancing at Eversheds Sutherland (Konexo), Iconos Group Limited and Hybrid News Limited specialising in corporate and commercial law, data protection and GDPR.
1 year ago: What an eye-opening article - not one to sweep under the carpet! These monumental fines can put businesses out of business. Big hitters such as Amazon, Royal Mail, WhatsApp, Google and H & M have also fallen foul of data protection laws.
Interesting but a little surprised at the figure of £75m in fines over 5 years. Seems quite low, would have expected a much higher figure! I presume a lot of organisations, particularly in the SME sector are not being found out.
Assisting boards with making wise decisions
1 year ago: Quite right Erika. It is not just the big organisations that are affected but even sole traders are finding themselves on the wrong side of these fines. AI is the next innovation that is affected by data protection. I can send you the article I recently wrote on the subject if you wish.
Loves to make a difference and connect people l Board Adviser l NED l Trustee l Operations Director l Networker l The Rooster l A Wake-up Call for Business
1 year ago: Timely reminder of the importance of data protection Erika Moralez-Perez as it is the GDPR 5th anniversary, and hefty fines are applied such as the recent news of Facebook's owner, Meta fined €1.2bn (£1bn) for mishandling people's data when transferring it between Europe and the United States - see https://lnkd.in/eXNba95s