Terms such as "best" and "top" and "leading" are used for search engine optimisation purposes (SEO) as we want to give you the closest match to your search term, and we make no express or implied representation that we are the "top" or "best" or "leading" solicitors or lawyers for all areas of law.
In April 2016 the European Parliament formally adopted the new General Data Protection Regulation (GDPR), which makes it directly applicable to the UK without the need for any UK legislation, and will become enforceable as of the 25th May 2018. In reality, it will replace the Data Protection Act. The new laws will have a dramatic effect on businesses in numerous areas:-
Once a data controller is aware of a security breach it should without delay; and not in any event less than 72 hours, notify the Information Commissioner Office (ICO).
Where data is processed, data controllers will need to provide legitimate reasons for processing personal data. Where consent is to be relied upon, it must be demonstrable that consent has been given. Simply pre-tick boxes, or lack of response will no longer suffice.
Data Subject’s Rights
Most importantly the data subject will have the right to be forgotten. This will apply in all cases, bar very few exceptions.
The European rules in relation to data protection will need to be complied with and data protection systems will need to accommodate these changes. The cost and time expended may however be a complete waste of time, if the model that is being implemented by the GDPR is scrapped by the UK, who after Brexit decide to stay with the Data Protection Act.
This is yet one other area where businesses are being asked to deal with potential changes in a period of extreme uncertainty.