GDPR: time to start thinking about the new rules coming into force from 2018

The EU’s General Data Protection Regulations (GDPR) will apply in the UK from 25 May next year. The headline changes include:
1. Direct compliance liability for processors
2. Increased transparency through more detailed notices
3. Extra-territorial scope
4. Enhanced individual rights
5. Application of strict retention periods
6. Privacy by Design & Default and Privacy Impact Assessments
7. Mandated processor terms
8. A significant step-change in relation to fines for non-compliance
According to figures from the UK’s Information Commissioner’s Office, the fines for data protection breaches in the UK reached around £3.2 million in 2016. Whilst this sounds significant, this figure will increase substantially once the GDPR comes into play.
With increasingly tighter requirements around how employers must maintain and process personal data, and with the number of fines issued for breaches of UK data protection laws on the increase, many employers are already looking to employ permanent staff dedicated to ensure compliance with the new rules.
In fact, a survey carried out by recruitment firm Robert Half has suggested that two-thirds of firms have confirmed that they intend to employ a permanent member of staff to deal with this issue, whilst 64 per cent of firms intend to take on temporary staff to assist the business in transitioning to the new regime.
It has also been confirmed that, whilst the GDPR is EU legislation, British data protection laws will remain aligned with the new regulations after Brexit. In light of that, employers should be taking steps now to familiarise themselves with the GDPR and the more stringent rules that are going to apply, so that the risk of regulatory enforcement action can be minimised.