Data Protection Law Update On 25 May 2018, the EU General Data Protection Regulation (GDPR) will be effective. The UK Data Protection Act 1998 is also due to be replaced soon, with the Bill currently going through Parliament. Whilst the core principles of data protection will remain largely unchanged, the new laws strengthen the requirements for transparency and accountability for the use of individuals’ personal data and will require changes at an operational and technical level from practically all organisations.
KEY CHANGES We have identified the following as some of the main changes that will affect organisations:
Increased enforcement powers significantly increased fines for breach
New obligations on data processors processors will be subject to legislative responsibilities and enforcement action
Expanded territorial scope compliance will extend to non-EU businesses with an EU data ‘footprint’
Stricter requirements on processing conditions bar raised on the grounds organisations may rely on for processing
Strict data breach notification rules notify within 72 hours where there is a risk to data subjects (or justify delay)
Personnel appointments an officer may need to be appointed as the ‘front line’ of an organisation’s data processing
W H AT W E D O Tughans is currently working with clients in a range of market sectors, providing assistance and support tailored to each client's priorities and timescales. The assistance we can provide includes:
Producing Project Plan
Information Audit & Report
After an initial discussion, we develop a structured Project Plan to map the path to GDPR compliance. We keep this plan under review and update it as necessary
Working closely with you, we can tailor and provide an Information Audit to interrogate the nature, extent and sensitivity of your organisation’s current data processing operations. We can then analyse and report on the risk areas identified by the Information Audit and suggest changes to be made to reach GDPR compliance
Change Implementation
Awareness & Training
Using the Audit Report, we can provide support for the technological and operational process changes required, including introducing or updating policy terms and amending contractual wording (both for template and ongoing contracts)
We can deliver in-person training presentations to refresh staff awareness of data protection responsibilities, highlight operational changes made and train on new obligations
C O N TA C T U S Any of our Data Protection team can be contacted to discuss the changes brought about by the new laws and how they affect your organisation:
Adrian O’Connell Partner T: +44 (0) 28 9055 3395 M: +44 (0) 78 2526 4732 E: adrian.oconnell@tughans.com
Andrew Kirke Associate Director T: +44 (0) 28 9055 3306 M: +44 (0) 78 2732 5049 E: andrew.kirke@tughans.com
Paul Eastwood Associate T: +44 (0) 28 9055 3377 M: +44 (0) 78 0358 9018 E: paul.eastwood@tughans.com