The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes EU member state implementations of the 1995 Data Protection Directive (DPD). The UK Data Protection Act 1998 (DPA) will be superseded by a new DPA that enacts the GDPR’s requirements.
The new law marks a wide-reaching and significant shift in the way that organisations must protect personal data.
It grants data subjects a number of new rights, including the right to judicial remedy against organisations that have infringed their rights, and requires organisations to adopt “appropriate technical and organisational measures” to protect personal data. It also introduces mandatory data breach reporting.
PENALTIES FOR NON-COMPLIANCE WITH GDPR
The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to business insolvency. Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organization is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.
UK organisations handling personal data will still need to comply with the General Data Protection Regulation (GDPR), regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply, a position the Information Commissioner has also confirmed.
The new Data Protection Bill going through Parliament is designed to modernise the UK’s data protection laws for the digital age. The Bill will align UK law with the EU's forthcoming GDPR and replace the existing Data Protection Act.
The Bill is a complete data protection system. As well as aligning personal data legislation with the GDPR, it includes requirements for all other general data, law enforcement data and national security data. The Bill also includes a number of agreed modifications to the GDPR in areas such as academic research, financial services and child protection.
The Bill adopts GDPR requirements for all general data in the UK. Until the UK leaves the EU, the GDPR will operate in tandem with the Bill. Thereafter, data protection law will rest on a domestic basis, with the Bill allowing the continued use of the GDPR requirements.
A trusted global partner to businesses and organisations on information governance, Omaira offers a range of data protection advisory and consultancy services to help organisations get ready for, and achieve compliance with, the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018.
Whether you are a small charity, an SME or a multinational blue-chip company, Omaira can tailor a solution that best meets your needs.
The GDPR Challenge
The GDPR, described by experts as ambitious, complex and strict, will transform how personal data is collected, shared, stored, deleted and used globally. All organisations will have changes to make in policy, processes and contracts, as well as in technical and organisational compliance measures.
How we can help you get GDPR-ready
Our team of experienced data protection experts can help your organisation with a variety of best-practice solutions, from assessing your GDPR compliance position and developing an effective roadmap through to implementing a best-fit data compliance framework.
The GDPR gap analysis service provides an assessment of your organisation’s current level of compliance with the Regulation, and helps identify and prioritise the key work areas that your organisation must address ahead of May 2018.
We offer data protection officer services — we can be your DPO. It is recommended that private organisations carrying out public tasks or exercising public authority designate a DPO.
The essential step in preparing for compliance with the EU General Data Protection Regulation (GDPR): receive a thorough audit of the personal data in your organisation, together with a data flow map that will help you identify where your data resides.