Forthcoming Legislation – General Data Protection Regulation

The new General Data Protection Regulation (GDPR) applies from 25 May 2018.

The GDPR is a regulation adopted by the European Parliament and the Council of the European Union, on a proposal from the European Commission, to strengthen and unify data protection for individuals within the European Union (EU).

Under GDPR, the data protection principles set out the main responsibilities for organisations. The principles are similar to those of the Data Protection Act 1998, with added detail at certain points.

The most significant addition is the accountability principle. The GDPR requires organisations to show how they comply with the principles – for example, by documenting the decisions taken about a processing activity.

Failure to comply with the new legislation can result in fines of up to 20 million euros or 4% of global annual turnover, whichever is higher. This eclipses the current maximum fine in the UK of £500,000.

The responsibilities and potential penalties for Data Controllers will now include mandatory notification: a personal data breach must be reported to the Information Commissioner's Office within 72 hours of the controller becoming aware of it (unless the breach is unlikely to result in a risk to individuals), and to the affected data subjects where the breach is likely to result in a high risk to them.

The list below sets out the details that must be notified to the supervisory authority:

  • the nature of the breach, including the categories and approximate number of data subjects and of personal data records concerned
  • the likely consequences of the breach
  • the measures taken, or proposed, to address the breach and to mitigate its adverse effects

Establishing these details within the 72-hour window will take considerable investigation, so an organisation needs an incident response process in place before a breach occurs rather than after it.

A processor also has a duty to notify the data controller without undue delay if it becomes aware of a personal data breach. Where individuals must be told, that notification must likewise be made 'without undue delay'.

Although the UK is set to leave the EU in under two years' time, it is likely that we will retain existing EU laws and regulations so that we can continue trading effectively with the EU, so the compliance burden will undoubtedly follow.

Most cyber and data insurance policies will offer cover for the legal costs associated with a data breach and, where insurable by law, for regulatory fines; whether a GDPR fine can be insured varies by jurisdiction and should be checked against the policy wording.

For more information please contact your TL Dallas broker or email matt.smith@tldallas.com.