Network Communications News (NCN) June 2017 | Page 11
TALKING POINT
T
‘The huge
growth of
the digital
economy in
recent years
requires
a more
robust legal
framework to
ensure public
confidence
in the
protection of
information.’
ough new EU laws mean
businesses could be
liable for fines of up to
£17m or four per cent of
their worldwide turnover.
Many organisations across the
public and private sectors are not
prepared for the changes.
GDPR comes into force on 25th
May next year and all organisations
which retain or process personal
information will need to comply.
Blake Morgan has launched a free
guide on its website to mark the
one-year countdown to GDPR.
Data protection specialists at
the firm have been alerting clients
to the new rules in how they
handle personal data – including
the ‘right to be forgotten’.
We are now less than a year
away from a major shake-up of
information governance laws at
a European level and it’s fair to
say that many businesses and
public sector organisations are
underprepared.
The huge growth of the digital
economy in recent years requires
a more robust legal framework
to ensure public confidence in
the protection of information and
organisations now need to adapt
to these higher standards.
It is not only reputation that
is at stake for failure to comply as
there will be a significant increase
in monetary penalties. Our data
protection and regulatory experts
have carefully devised this guide
which highlights the most important
actions organisations should
take to comply and I would urge
decision-makers to take a look.
Blake Morgan has offices
in Cardiff, London, Oxford,
Portsmouth, Reading and
Southampton and it is important
that businesses and public
bodies act now to understand
the regulations and implement
measures for compliance.
Our report GDPR: A Practical
Guide to Achieving Compliance
gives detailed and informed
analysis on key changes on the
way, including businesses being
liable for fines of up to £17m or four
per cent of their annual worldwide
turnover (whichever is greater) for
data breaches and organisations
having just 72 hours from the
discovery of a breach to report it.
Among the action points in the
guide are:
R eview customer-facing terms
and privacy policies. These
are likely to need substantial
revisions to meet the new
requirements;
D ecide whether a Data
Protection Officer needs
to be appointed in-house.
Alternatively, explore whether
you could outsource the role;
R eview contracts with
processors to ensure they
have robust provisions around
record-keeping;
E nsure that the risk of penalties
for non-compliance are fully
understood at board level; and
I f y o u co l l e ct i nfo r m at i o n a b o u t
c h i l d re n t h e n y o u m a y n e e d a
p a re nt o r g u a rd i a n ’ s co n s e nt
to p ro c e s s t h e i r d ata l aw f u l l y .
C o n s e nt m u s t b e ve r i f i a b l e
a n d p r i va c y n ot i c e s m u s t
b e w r i t te n i n l a n g u a ge t h at
c h i l d re n w i l l u n d e r s ta n d .
Blake Morgan is the only
law firm accredited to provide
the BCS Certificate in Data
Protection course, which is an
intensive five-day course leading
to a professional qualification
(on successful completion of
an externally marked exam).
The qualification is ideal for
anyone with data protection
responsibilities, particularly those
taking on the Data Protection
Officer role under the GDPR.
Blake Morgan’s lawyers of fer
both a star t-to-finish consultancy
p a c ka ge fo r a c h i ev i n g
co mp l i a n c e a n d a co m p lement
of i n d i v i d u a l se r v i c e s to target
k n ow n a re a s of co n c ern .
Despite the Brexit negotiations,
the government has confirmed
that the UK will be implementing
the new rules in full and there
are good reasons for assuming
that the UK will continue to apply
European standards for data
protection for many years to come.
Blake Morgan’s data protection
and regulatory experts are
available to answer questions
from organisations about GDPR at
[email protected].
For further information visit
www.blakemorgan.co.uk/GDPR
June 2017 | 11