• The aim of the new regulation is to streamline data protection legislation across the member states, replacing the patchwork of national legislation that currently exists. The legislation will not come into force immediately, but businesses need to start thinking about how the Regulation will affect them and the steps they will need to take to ensure compliance.

    Key areas to note include:

    1. There will be onerous obligations on data controllers to demonstrate compliance with the Regulation, for example, maintaining certain documentation.
    2. Consent to processing of personal data must be freely given, specific, informed and unambiguous. For sensitive personal data, the consent must also be explicit.
    3. Data controllers must notify breaches of the Regulation.
    4. Data processors will have to implement technical and organisational measures and will have an obligation to notify data controllers of breaches.
    5. Loss of data must be reported to the affected individuals and the Information Commissioner’s Office.
    6. Penalties of up to 4% of annual worldwide turnover may be imposed for infringement.
    7. Individuals will have the “right to be forgotten” and will be able to require the erasure of their personal data without undue delay in certain circumstances.
    8. In some circumstances, it will be necessary to designate a Data Protection Officer.

    There may, of course, be last minute changes to the draft text and the detail is not yet finalised. Further details will be published in due course.

    Can we help?

    Take a look at our Commercial Law page for useful information, resources, guidance, details of our team and how we may be able to help you.
