You will have heard about the introduction of GDPR and its implications for businesses. This EU General Data Protection Regulation (GDPR) is due to come into force on the 25thMaynext and will have wide ranging effects as to how businesses are run and how businesses communicate both with clients/customers and service providers.
The regulation is about enhancing the privacy rights of individuals and imposing additional obligations on organisations that process personal data.
At a glance the following are some of the key features:
– The rules are being updated on how personal data is processed and seeks to change how businesses and public bodies treat personal data
– It gives powers to the Data Protection Commissioner to impose administrative fines of up to 2% to 4% of turnover
– It is likely that most data controllers will seek legal advice at some stage in the course of their business as to how to protect personal data under the regulation.
As a follow on from the above, there is a wide ranging view that it will bring about an increase in civil litigation and it will be interesting to see how the courts will deal with the question of loss in such situations.
While initially, there may not be a concern for private individuals that the GDPRwill impact on them personally, it is fair to say that it is already impacting as for example, employers are required to notify employees about how their personal data will be used and for any website users, you will notice that websites now provide visitors with information regarding the type of data which is gathered and the purpose for this.
Equally, when dealing with financial institutions or public bodies, these are required to inform any individual as to how long any personal data will be retained in respect of that individual and again for what reason. This on the face of it may not seem significant but there is no doubt that litigation will arise where there is a breach of the regulations in these circumstances.
All businesses need to be more than familiar with this new regulation and seek legal advice where uncertainty arises.
The DPC has launched a GDPR-specific website www.GDPRandYou.iewith guidance to help individuals and organisations become more aware of their enhanced rights and responsibilities under the General Data Protection Regulation.
Will you be Prepared?