- Your business will need to implement technical and organisational measures, document processing activities and appoint a Data Protection Officer if it is a public authority or if the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data”.
- The GDPR applies to “personal data”, but the GDPR’s definition of personal data is more detailed than the DPA’s. The new definition provides for a wide range of information to constitute personal data. This is to reflect the changes in technology and the way organisations can now collect information.
- Under GDPR, you will have an obligation to put in place organisational measures to show how you integrated data protection into your processing activities.
- This means that privacy in a service or product should be taken into account from the start of a product concept.
- Data subjects will have greater access to their data - you can no longer charge them £10 for that purpose.
- Data subjects will have a ‘right to be forgotten’ or a ‘right to erasure’ of their data.
- The regime around giving consent is tougher. Businesses will need to ensure that data subjects can withdraw their consent to their data being processed. Businesses must also ensure that consent is “explicit” for processing sensitive data. The onus will be on the business to show that the consent was given. Where personal data is processed for direct marketing the data subject will have a right to object. The right to object will have to be explicitly brought to their attention.
- Parental consent will be required for the processing of personal data of children under age 16. Individual EU Member States may lower the age requiring parental consent to 13.
- Fines for major breaches of the GDPR could reach up to the higher of 4% of annual worldwide turnover and EUR20 million. Other infringements could attract a fine of up to the higher of 2% of annual worldwide turnover and EUR10 million. You will be laughing on the other side of your face if you have to pay a fine like that. Have you ever tried laughing on the other side of your face? It takes years of practice and can give you neck ache, so, best to avoid it - and avoid paying those fines too…