TOUGH new European Union laws mean businesses could be liable for fines of up to 20 million euros – £17m – or four per cent of their worldwide turnover.
Leading law firm Blake Morgan warns that many organisations across the public and private sectors are not prepared for the changes, as it launches a free guide to mark the countdown to General Data Protection Regulation (GDPR).
GDPR comes into force on May 25 next year and all organisations which retain or process personal information will need to comply.
Data protection specialists at the firm, which has offices in Portsmouth and Southampton, have been alerting clients to the new rules in how they handle personal data – including the ’right to be forgotten’.
Chairman of Blake Morgan Bruce Potter said: “We are now just a year away from a major shake-up of information governance laws at a European level and it’s fair to say many businesses and public sector organisations are underprepared.
“The huge growth of the digital economy in recent years requires a more robust legal framework to ensure public confidence in the protection of information and organisations now need to adapt to these higher standards.
“It is not only reputation that is at stake for failure to comply as there will be a significant increase in monetary penalties.
“Our data protection and regulatory experts have carefully devised this guide which highlights the most important actions organisations should take to comply and I would urge decision-makers to take a look.”
Its report, GDPR: A Practical Guide to Achieving Compliance, gives detailed and informed analysis on key changes on the way, including organisations having just 72 hours from the discovery of a breach to report it.
Among the action points in the guide are: Review customer-facing terms and privacy policies. These are likely to need substantial revisions to meet the new requirements; Decide whether a Data Protection Officer needs to be appointed in-house. Alternatively, explore whether you could outsource the role; Review contracts with processors to ensure they have robust provisions around record-keeping; Ensure that the risk of penalties for non-compliance are fully understood at board level; If you collect information about children then you may need a parent or guardian’s consent to process their data lawfully. Consent must be verifiable and privacy notices must be written in language that children will understand; Blake Morgan’s lawyers offer a start-to-finish consultancy package for achieving compliance. To download a free copy of the guide visit www.blakemorgan.co.uk/GDPR





