Four Horsemen of the Apocalypse and GDPR?

January 25, 2018

The General Data Protection Regulation 2016 (GDPR) updates and harmonises data protection law in the EU. There is an increase in obligations on data controllers in respect of personal data and a number of key changes.

GDPR comes into effect on 25 May 2018. The Government has confirmed that GDPR will be implemented regardless of Brexit.  The Government is also passing its own data protection legislation to transpose GDPR into UK law.  There has been a lot of fear mongering about GDPR.  However, on a practical level, it is in a business’ interest to have GDPR or equivalent data protection regulation in place.  The threat of hacking and other forms of cyber crime increase daily.  Implementing a data protection regime is an important part of managing a cyber risk which most, if not all, businesses now face.

The news is not all doom and gloom. If a business has a regime in place to adequately comply with the Data Protection Act 1998, it is starting from a good position.  There is now a lead time of only a couple of months for businesses to prepare themselves for GDPR.  This may involve a considerable amount of work to have practice, policies and procedures in place which are data protection compliant.  The focus of GDPR is on compliance by design and default.  Anyone within a business who processes personal data should be aware of their obligations.  This will involve training  any employee with access to personal data.

Complying with GDPR is in a business’ interest. It makes it more efficient and mitigates the increasing  risk of processing personal data.  There is still time.  All businesses should start now rather than waiting to see the approach which could waste valuable time.

This article has been produced for general information purposes and further advice should be sought from a professional advisor.

Michael King is a Director of Cleaver Fulton Rankin Solicitors. He is a commercial litigator and certified data protection practitioner.  Michael specialises in intellectual property law and information governments to include data protection and has recently been advising clients on issues concerning the governance implementation of GDPR.