
Data Protection & GDPR

We offer expert legal advice and support for data protection issues.

We guide and support businesses in data protection compliance and in dealing with data subject access requests.

We can also assist individuals to understand their rights.

We deal with:-

  • Data Protection policies and procedures;
  • Data Protection training including preparation for GDPR;
  • Dealing with the Information Commissioner’s Office including data breach issues;
  • Data subject access requests and exemptions to the right;
  • Offshore compliance;
  • Freedom of Information Act requests.

General Data Protection Regulation - act now for incoming data protection law

New European Union (EU) data protection rules which will become law in May 2018 will affect every business and organisation and cannot be ignored.

The final text of the General Data Protection Regulation (GDPR) was agreed in December 2015 after four years of political negotiations and lobbying involving all 28 EU member states.

The EU's new data protection rules will impact every entity that holds or uses European personal data both inside and outside of Europe.

Post-Brexit, the government underlined the need for the UK to be seen as a data protection compliant country. GDPR will affect non-EU businesses as well as EU ones.

The GDPR, aimed at reforming the out-dated EU Data Protection Directive, was approved by the EU parliament in January 2016. The British government fed into the changes and, despite Brexit, will have to comply with the regulations if it wishes to trade with EU partners.

Take immediate action

Ignoring the GDPR until it becomes enforceable in 2018 is a huge mistake and companies should take immediate action.

The act is all about transparency and making sure data is secure and used in the correct way. The concept of monitoring the behaviour of EU residents by tracking their digital activities has to be safeguarded.

The GDPR will impact every data controller and processor that holds or uses European personal data both inside and outside of Europe. That could be anything from health companies to research businesses, doctors’ surgeries to Plcs and local authorities.

Businesses which are not currently well versed in data protection requirements are going to have to gear up for GDPR.

Companies will have to go through all their customer facing documentation, rewrite their terms and conditions, review clauses relating to data use and create separate documents on the capture, use and termination of data.

Heavy financial penalties for non-conformity

A key element of the GDPR is not only increased compliance requirements, but heavy financial penalties for non-conformity - up to €20m or 4% of annual worldwide turnover for groups of companies, whichever is greater.

The fines apply to infringements of the basic principles for processing, including conditions for consent, data subjects’ rights, the conditions for lawful international data transfers, specific obligations under national laws permitted by the GDPR, and orders by data protection authorities including suspension of data flows.

The GDPR will involve far more interface with a regulator. Data protection officers will be responsible for reporting breaches, demonstrating the auditing of processes and safeguarding.

Organisations now face the challenge of having only 18 months to implement all the necessary changes to their systems and operations to meet the new compliance requirements.

GDPR is a model change in the way that data collection and use is regulated. Regulators in Europe will ensure that citizens are protected by the most stringent data laws in the world.

Although 18 months may seem like a reasonable time to prepare for the regime, organisations will need to completely transform the way they collect and use personal information.

Adopting new behaviours on data

This is not a compliance or legal challenge; it is much more profound than that. Organisations will need to adopt entirely new behaviours in the way they collect and use personal information.

One of the fundamental changes is that companies providing data services to other companies, known as data processors, will also be subject to the GDPR and face the same hefty fines for breaches, which will affect technology service providers in particular.

The GDPR adopts prescriptive rules around how organisations will need to demonstrate that they comply with the GDPR.

Businesses will have to genuinely adopt governance and accountability standards and not pay lip service to data privacy obligations.

Organisations’ strategy and approach to comply with the GDPR will need to focus on three key components - a new compliance journey, a new transparency framework and a new enforcement, sanctions and remedies framework.

New compliance journey and transparency

The new compliance journey will require companies to map and classify all their personal data; perform risk assessments; design privacy protections into all new business operations and practices; employ dedicated data protection officers in many cases; monitor and audit compliance; and document everything they do with data and everything they do to achieve legal compliance.

The new transparency framework will require entities to re-think how they engage with people, including their contracting and permissions processes and how they give clear and full information on what is happening to personal data.

When a breach of security or confidentiality arises, entities will have to notify the incident to the regulators. In many cases, they will have to notify the people affected.

The new enforcement, sanctions and remedies framework will give regulators unprecedented powers to intervene in business and shape how entities conduct their operations, including the power to impose these heavy fines.

Changes will mean individuals can exercise a “right of data portability”, and will have clarity on the “right to be forgotten” together with enhanced rights of access to their data and to demand the end of use of their data. They will also be able to sue entities for compensation.

The GDPR will make businesses more accountable for their data practices. 

This is the area where the heavy weight of the GDPR will be most felt in practice. New responsibilities such as data protection by design, data protection by default, record keeping obligations, data protection impact assessments and prior consultation with data protection authorities in high-risk cases will require managerial effort and investment.

Many of these obligations are entirely new, so for the majority of businesses this will mean a substantial learning curve.

Key changes to EU data protection introduced by the GDPR

  • More rigorous requirements for obtaining consent for collecting personal data.
  • A new rigour in obtaining consents from parents of children. In the UK this will apply to the under 13s.
  • Requiring a company to delete data if it is no longer used for the purpose it was collected.
  • Requiring a company to delete data if the individual revokes consent for the company to hold the data.
  • Requiring companies to notify the EU government of data breaches within 72 hours of learning about the breach.
  • Enabling one Regulator in the most relevant EU country for the business to oversee all monitoring and handling complaints brought under the GDPR.
  • Firms handling significant amounts of sensitive data or monitoring the behaviour of many consumers will be required to appoint a data protection officer.
  • Fines up to €20m or 4% of a company’s global revenue for its non-compliance.

Wake Smith solicitor Holly Dobson has 10 years’ legal experience in data protection issues including advice on significant data breaches.

For further information and advice on the GDPR contact Holly at holly.dobson@wake-smith.com or call 0114 266 6660.

Data Protection

Holly Dobson
Director
