GDPR – One Year On

May 14, 2019

 

May 2019 marks a year since the General Data Protection Regulation (GDPR) was brought into force across the EU.

GDPR, along with the Data Protection Act 2018 (DPA 2018) in the UK, was implemented on 25 May 2018 and applies to all organisations which process individuals’ personal data. The regulations cover businesses of all sizes, ranging from sole traders to global corporations, although the rules differ in some respects depending on the size and activities of the organisation.

Across the EU, data protection regulators have so far issued fines totalling more than €56 million as a result of breaches of GDPR.

In the UK, the Information Commissioner’s Office (ICO) is still busy publishing the results of cases which stemmed from the pre-GDPR Data Protection Act 1998, and has not yet published details of any significant fines it has issued under GDPR – although we can expect these to start filtering through in the next few months.

Despite this, the publicity surrounding GDPR means that many businesses will have seen the practical effects of it in their dealings with their customers and staff.

In relation to staff specifically, an increase in data protection awareness means that we have seen an increase in the number of “Subject Access Requests” (SARs) being brought by employees who want to know what their employers have been doing and saying about them and how they have been using their personal information. The strict rules on SARs under GDPR mean that employers are now nearly always obliged to gather and hand over this information within a month of a request being made.

As a reminder of businesses’ data protection duties, every organisation should:

  • Be registered as a data controller with the ICO

  • Have a privacy notice for employees, workers and contractors (and also for job applicants), setting out how their data may be held and processed

  • Have privacy notices for customers, clients, suppliers and anyone else whose personal data they may handle

  • Have a data protection policy setting out how employees must handle the personal data of others, and the consequences of breaching that policy

  • Have data sharing agreements in place with any third party service providers to whom they may pass personal data

  • Conduct regular data audits and, when necessary, Privacy Impact Assessments when carrying out non-routine data processing activities.

It should also be noted that the rules on data protection in the UK are unlikely to be loosened by Brexit, despite the fact that GDPR is an EU-wide law. The UK Government has committed to preserving the effects of GDPR in the UK at least until the end of any transition period (if the Withdrawal Agreement is ratified by Parliament) and is likely to then seek an agreement with the EU that the rules should continue indefinitely.

 

 

Contact Our Team

To speak to one of our experts today, please contact us on 02920 829 100 or by using our Contact Us form for a free initial chat to see how we can help.
