May 14, 2019
GDPR, along with the Data Protection Act 2018 (DPA 2018) in the UK, was implemented on 25 May 2018 and applies to all organisations which process individuals’ personal data. The regulations cover businesses of all sizes, ranging from sole traders to global corporations, although the rules differ in some respects depending on the size and activities of the organisation.
Across the EU, data protection regulators have so far issued fines totalling more than €56 million as a result of breaches of GDPR.
In the UK, the Information Commissioners’ Office (ICO) is still busy publishing the results of cases which stemmed from the pre-GDPR Data Protection Act 1998, and has not yet published details of any significant fines it has issued under GDPR – although we can expect these to start filtering through in the next few months.
Despite this, the publicity surrounding GDPR means that many businesses will have seen the practical effects of it in their dealings with their customers and staff.
In relation to staff specifically, an increase in data protection awareness means that we have seen an increase in the number of “Subject Access Requests” (SARs) being brought by employees who want to know what their employers have been doing and saying about them and how they have been using their personal information. The strict rules on SARs under GDPR mean that employers are now nearly always obliged to gather and hand over this information within a month of a request being made.
As a reminder of businesses’ data protection duties, every organisation should:
Be registered as a data controller with the ICO
Have a privacy notice for employees, workers and contractors (and also for job applicants), setting out how their data may be held and processed
Have privacy notices for customers, clients, suppliers and anyone else whose personal data they may handle
Have a data protection policy setting out how employees must handle the personal data of others, and the consequences of breaching that policy
Have data sharing agreements in place with any third party service providers to whom they may pass personal data
Conduct regular data audits and, when necessary, Privacy Impact Assessments when carrying out non-routine data processing activities.
It should also be noted that the rules on data protection in the UK are unlikely to be loosened by Brexit, despite the fact that GDPR is an EU-wide law. The UK Government has committed to preserving the effects of GDPR in the UK at least until the end of any transition period (if the Withdrawal Agreement is ratified by Parliament) and is likely to then seek an agreement with the EU that the rules should continue indefinitely.
I have worked with Darwin Gray for a number of years and the level of service, professionalism and timely response is second to none. I would highly recommend Darwin Gray to any business.”
Darwin Gray have provided us with a first-class service for many years now. They really take the time to understand our business and develop relationships which results in advice and support that is contextualised and effective.”
We have worked with Darwin Gray for several years and have always found their services and advice to be first class.”
An extremely professional and sincere company who make time for your queries and understand the need to break down certain facts and information to ensure everything is understood perfectly. I would highly recommend the company to anyone looking for any type of legal advice”
PSS has worked with Darwin Gray for many years. We have always received an excellent service. Prompt and professional advice and support.”
We have used several departments within DG recently and we have been very pleased with an effective, efficient and down to earth service. Very happy thus far and I expect that we will continue to use DG.”
Darwin Gray offer us truly superb services. Very professional, quick and services available bilingually which is very important to us, highly recommend.”
My “go to” in urgent and time sensitive cases for direction, support and advice. The team are quick to respond to calls or emails for advice and support on all matters. Always explain complex matters in a way a lay person can easily understand.”
