Do you know your obligations?

Data protection legal review by Charles Lucas & Marshall

Data Protection

Despite Brexit, an overhaul of data protection rules is to be implemented and these will apply from May 2018.

This will affect organisations of all sizes, and small businesses could risk substantial fines if the new rules are ignored.

The new rules are designed to hand control of personal data to individuals rather than organisations.

The new rules define personal data as any information relating to a natural person, which will include personal details, family and lifestyle details, education, medical details, employment details, financial details and contractual details.

Under the directive, special rules will apply to the processing of personal data that reveal racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership or health issues.

The issue of consent, which validates the processing of usual personal data, is also a significant development.

Organisations need to ensure that they are explicit when seeking consent and detail how they will use the information.

An individual’s silence or inactivity will generally no longer be considered as consent.

Businesses must be much clearer on how customer data is collected and stored.

They have to make it easier for customers to tell organisations to ‘forget’ them and must provide greater protection for children.

Any data breaches must be communicated within three days to the Information Commissioner’s Office, the Data Regulator.

Organisations need to start acting now to ensure that they are compliant.

In particular, they need to consider:

  • Whether data protection officers should be appointed
  • Whether they should protect privacy by design
  • Whether they have adequate systems in place to manage data breaches that may arise and to comply with the notification requirements
  • Whether they are able to ensure compliance with the more restrictive principles of not holding data longer than absolutely necessary and not changing how such data is used from the original purpose specified; and
  • Whether they comply with the rights to be forgotten if the data subject requests this.

The penalties for not complying with the new rules will increase substantially and so action must be taken by businesses in the near future.

Depending on the level of the breach, fines can be up to £20m, or 4% of total annual global turnover based on the preceding financial year, whichever is the greater.

Data controllers and processors need clarity on what data they hold and how the personal data is used.

Businesses need to check that contractual provisions are in place with their clients and service providers to ensure compliance and adequate indemnities exist.


Article comments

  • johnpanczak

    14/08/2017 - 09:09

    I think that GDPR is going to be a bigger issue for companies than they currently realise. The intention of the legislation seems pretty clear, but there is little guidance out there on how corporates should implement it. They will need to rethink and tighten up control over where data is held internally, who is responsible for maintaining it, etc. The role of the Data Protection Officer is also going to be very important; they will need to be independent of the data collection and data maintenance procedures and also need direct access to the board of directors. It is going to be a very responsible and powerful role. I suspect that directors will find it difficult to reject their recommendations. Large corporates will also pass these responsibilities down the supply chain, so SMEs need to prepare if they want to continue with those relationships.


