Benefits (and Responsibilities) of GDPR
With just over nine months until the GDPR comes into effect, it is time for firms to start thinking about embarking on the next steps to compliance with the new rules. The ICO Commissioner, Elizabeth Denham, recently highlighted the importance of firms beginning preparations for the new rules, which represent “the biggest change to data protection law for a generation”.
Whilst many firms will already have begun the journey towards ensuring compliance with the new rules, it is important to keep the momentum going. There is much talk across all sectors about the ‘fear factor’, and it is important that this shouldn’t lead to firms burying their heads in the sand and hoping it will go away. Whilst it is vital to bear in mind that the new rules bring with them a substantial increase in fines available to the regulator – €20 million, or 4% of annual turnover, whichever is greater – it is also worth considering the benefits that the changes can bring to business.
The new responsibilities bring an updated focus on the rights of the individual in the digital age – and onerous though this may seem at the outset, regulation that specifically considers the recent explosion of technology is long overdue. The new rules will change how data can be collected, stored and used. Whilst this might seem arduous to undertake, this is also a good opportunity to build more robust processes, policies and systems, making the changes work for your business. In knowing how, when and why customers give their consent – and having this information easily to hand, as will be required by the new rules – firms will be able to better market their products. It’s possible that changes in consent, use and storage will also lead to an increased trust between customer and business.
When taken with Elizabeth Denham’s reminder that non-compliance leaves an organisation open to enforcement action that ‘can damage both reputation and bank balance’, the impetus to prepare is one of material commercial advantage. So what can you do between now and May 2018? Information is available via updates through the ICO; updated guidance on the definition of consent is expected soon, and they have recently updated their 12 steps document. In addition, we have produced a series of articles aimed at keeping you updated with the latest news and information on our Compliance Insights page.
We are holding the second instalment in our seminars over September and October, aimed at helping you implement the GDPR with ease. We cover the key changes you need to make, recent clarifications from the ICO in relation to consent, not-for-profit organisations, privacy notices, breach notifications and subject access requests, and how your peers are transitioning to full compliance. You don’t need to have attended the previous seminar – to join, simply click the link to book your place at any of the following events:
21 September 2017 – 9am until 3pm
St. George’s Conference Centre, Leeds, LS1 3DL
27 September 2017 – 9am until 3pm
Etcvenues, Bonhill House, EC2A 4BX
5 October 2017 – 9am until 3pm
Jurys Inn, Newcastle upon Tyne, NE1 4AD