The GDPR is the biggest shake up in data protection and privacy law in a generation. It is not affected by the UK’s decision to leave the EU. The UK Government has introduced a Data Protection Bill incorporating the provisions of the GDPR.
Any business, public authority, third sector organisation or social enterprise collecting, storing and using the personal data of EU residents is affected by GDPR – even those outside the EU.
The GDPR has introduced a new compliance regime, including an obligation to notify data breaches. Fines for breaches can be up to €20m or 4% of global turnover. These figures far exceed the past maximum fine of £500,000 that can be issued by the Information Commissioner’s Office (ICO).
The GDPR also gives individuals new and enhanced rights over their personal data. This includes a right to withdraw consent to data processing, a right to data portability and a right to be forgotten.
For the first time, businesses that process personal data as an incidental part of providing services to corporate clients will also come within the compliance regime and could therefore face direct enforcement action.
Data protection is a broad topic, so we have put together a team of data protection experts with experience across a range of legal disciplines. We also work with our technology partners that can review your IT security measures and help you with any necessary enhancements.
Our team has expertise in:
We can work in partnership with you to:
We offer a range of flexible packages to suit you and your organisations’ needs. We offer the following services:
For clients that buy any of the above or who are existing clients of Hugh James, you will benefit from a free GDPR hotline advice service for when you get stuck and need some direction.
If you would like to talk through the implications of the GDPR on your organisations, or for more details of our packages, please do not hesitate to contact us.