New Data Protection Regulation is upon us

Following three years of preparation and lobbying, the European Parliament has finally adopted the new European General Data Protection Regulation (GDPR) – which means big changes to data protection as we know it in the UK.

The GDPR will officially replace the basis behind the UK’s much-cited Data Protection Act 1998 and will become law in all EU member states. The GDPR’s reach will be wider too, as it will affect any business that processes the personal data of EU citizens, even if it is based outside the EU.

The document lays out compliance measures for each state to meet before it takes over for good in the summer of 2018, and countries may escape any penalties, providing they can show that they have started preparing for the new measures.

The new legislation will still be adopted in Britain even if it decides to leave the EU in the forthcoming ‘Brexit’ referendum.

Summary of Changes
  • One of the biggest changes announced relates to data responsibility. Previously, most data protection obligations fell upon Data Controllers as opposed to Data Processors. But under the GDPR, both Controllers and Processors will be responsible for protecting their data.
  • All organisations will be obligated to have a full and firm understanding of what data they acquire, hold and process – and the legal basis for that data.
  • Data protection measures must be integrated into business processes, in order to respect the rights of data subjects.
  • Most organisations will have to appoint a data protection officer, particularly those which process large amounts of sensitive personal data.
  • Additionally, the GDPR introduces a new obligation to notify data breaches to the relevant authorities within 72 hours of their first discovery.
  • Non-compliance fines for failures to report breaches will be tiered – with the top tier fine demanding a staggering 4 per cent of global annual turnover from late-reporting firms.

What can organisations do to prepare?

Firms will need to step up their privacy measures and reform their policies and procedures for handling security breaches. These measures will need to be in place before the implementation date.

Organisations may also wish to consider appointing a data protection officer, and assess how and for what purpose they currently hold and/or process data. It may also be worth starting to review and update existing contracts in respect of parties’ data protection obligations.

For further information on GDPR or contractual matters, please contact Rina Sond.


Please note the contents of this blog are given for information only and must not be relied upon. Legal advice should always be sought in relation to specific circumstances. 
