Data protection procedures will require an overhaul for any
company that offers goods and services, or tracks individuals, in
the EU under the European General Data Protection Regulation (GDPR)
to take effect from 25 May 2018. Given the changes in compliance
requirements that the GDPR entails, it is vital that you use 2017
to audit your current policies and processes and make any necessary
changes in readiness for the GDPR.
GDPR: What is going to change?
Among the changes the GDPR introduces are increased rights of
individual data subjects, new requirements for data breach
notifications and increased sanctions for data breaches. The GDPR
also has extra-territorial application, requiring compliance from
organisations based outside the EU if they offer goods or services
and/or track individuals anywhere in the EU.
Because of the changes the GDPR will implement, it is important
that you understand all of the obligations the GDPR will place on
your business. The GDPR will affect all organisations with any
interests in the EU, so it is not just for Europe-based
What should you be doing?
In readiness for May 2018, you should be putting a compliance
plan in place to ensure any necessary changes to your data policies
and processes are completed before the GDPR comes into force. We
have created guidance materials to help you plan your path to
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The second in our mini-series on the ICO guidance on Consent, published on 2 March 2017, focuses on how the changes to be introduced by the GDPR (General Data Protection Regulation) will impact upon your business and what you can do to pre-empt the changes before their introduction in May 2018.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).