• The aim of the new regulation is to streamline data protection legislation across the member states, replacing the patchwork of national legislation that currently exists. The legislation will not come into force immediately, but businesses need to start thinking about how the Regulation will affect them and the steps they will need to take to ensure compliance.

    Key areas to note include:

    1. There will be onerous obligations on data controllers to demonstrate compliance with the Regulation, for example, maintaining certain documentation.
    2. Consent to processing of personal data must be freely given, specific, informed and unambiguous. For sensitive personal data, the consent must also be explicit.
    3. Data controllers must notify breaches of the Regulation.
    4. Data processors will have to implement technical and organisational measures and will have an obligation to notify data controllers of breaches.
    5. Loss of data must be reported to the affected individuals and the Information Commissioner’s Office.
    6. Penalties of up to 4% of annual worldwide turnover may be imposed for infringement.
    7. Individuals will have the “right to be forgotten” and will be able to require the erasure of their personal data without undue delay in certain circumstances.
    8. In some circumstances, it will necessary to designate a Data Protection Officer.

    There may, of course, be last minute changes to the draft text and the detail is not yet finalised. Further details will be published in due course.

    This content is correct at time of publication

    Can we help?

    Take a look at our Commercial Law page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you subscribe to any of our newsletters, you can unsubscribe any time using the link in the email. Please view our privacy statement for more information