Blog
Rayner my parade! The importance of specialist advice.
Jemma Brimblecombe
The GDPR is coming into force on 25 May 2018. The UK is leaving the EU at 11pm on 29 March 2019. No doubt these dates are engraved into the minds of most business owners. But while these deadlines are enough on their own to leave you with plenty to worry about, it is also important to consider the interplay between the two – that is to say, what will Brexit mean in terms of the GDPR?
The General Data Protection Regulation (“GDPR”) coming into force in May 2018 empowers national supervisory authorities to issue fines of up to €20 million, or 4% of an organisation’s annual global turnover, for certain data protection infringements. These figures have generated headlines and news stories around the globe, many of them misleading. The Information Commissioner, in her post of December last year, warned of ‘scaremongering because of misconceptions’. We seek to put the headline-grabbing figures in context by examining the range of administrative sanctions available to national supervisory authorities for dealing with infringements of the GDPR and the criteria they will use when selecting them. In doing so, we shed light on how organisations can prepare for, and react to, any data protection infringements to reduce the risk of a heavy fine.
To date, GDPR headlines have mainly focused on the threat of heavy fines. However, the Information Commissioner’s Office (the ‘ICO’) has made it clear that issuing fines has always been, and will continue to be under the GDPR, a last resort. Rather, the most immediate impact of the GDPR following a data breach is the new obligation under Article 29 to notify both the ICO and those individual data subjects affected by data breaches. These individuals are most likely to be the clients, customers, suppliers and other contacts upon which your organisation relies and, following any significant data breach, notification may lead to that breach becoming public.
There is currently no legal requirement for companies to appoint a dedicated officer responsible for data protection; the Information Commissioner’s Office merely encourages this as good practice. However, this will change when the General Data Protection Regulation (“GDPR”) comes into force in May 2018 and introduces a requirement for certain organisations to appoint a Data Protection Officer (“DPO”).
Can employers still monitor employees’ communications in light of Barbulescu v Romania? Don’t panic, they can. But the decision in Barbulescu v Romania from the appeal chamber of the European Court of Human Rights (ECtHR) shows that, in future, they must apply their minds in a much more rigorous way to how they go about it.
Jemma Brimblecombe
Charles Richardson
Oliver Oldman
© 2025 Kingsley Napley LLP. All rights reserved. Authorised and regulated by the Solicitors Regulation Authority, registration number 500046.