City lawyers warn businesses on sweeping changes to data protection law coming into force this month

Solicitors London

Professionals at a City of London law firm are warning businesses of the dangers of failing to comply with sweeping changes to data protection law, which come into effect in the UK later this month.

The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 and lawyers from Carter Lemon Camerons LLP are cautioning businesses over the risks of failing to comply.

“From this date, the Information Commissioner’s Office (ICO) will have the power to issue fines of up to four per cent of global turnover, or €20 million, whichever is higher, for non-compliant businesses that have serious data breaches,” said Kate Boguslawska, a Partner at the firm.

“The GDPR poses a number of challenges for businesses relating to the ways in which they collect, store and handle any personal data they hold.

“These changes apply regardless of whether that data belongs to clients, consumers, employees, suppliers or vendors,” she added, ‘’It is worth highlighting that, contrary to a belief shared by some businesses, the changes affect any business regardless of size. The effect of non-compliance carries massive reputational risks and increased admin work. For this reason, it makes sense to put your house in order now!”

She said that all businesses must be able to demonstrate how they meet the GDPR’s new ‘Six Principles’ when using personal data. The data must be:

  1. Processed lawfully, fairly and in a transparent manner;
  2. Collected for a specific, explicit and legitimate purpose;
  3. Adequate, relevant and limited to what is necessary;
  4. Accurate and kept up to date;
  5. Kept for no longer than is necessary; and
  6. Kept secure.

“Ahead of the GDPR’s introduction, it is important that businesses review and record the data they hold, how they obtained it and what they use it for. On top of this, they will need to check how secure the data is, who has access to it and whether it has ever been transferred outside of the business,” she said.

“The rules governing the GDPR are complex and confusing. Falling foul of them can have drastic consequences for businesses of any size.

“Any business that is not already fully prepared for GDPR should contact us immediately for urgent advice on compliance.”

As part of its efforts to assist businesses with GDPR compliance, the firm’s specialist solicitors are able to present to clients on the GDPR and its implications for their organisation.