Are you worried about complying with breaching data protection laws?

You should be! According to the latest figures from the Information Commissioner’s Office (ICO) analysed by PwC, the number and value of fines issued by the ICO for data protection violations has increased significantly in recent years.

In 2016, 35 fines were handed out worth £3.2 million, whereas in 2015, 18 fines were issued worth £2 million.

The ICO can currently issue fines of up to £500,000. When the General Data Protection Regulations come into force on 25th May 2018, fines of up to €20 million (about £16.75m) or 4% of annual global turnover (whichever is higher) could be imposed!

To avoid hefty fines, you need to make sure that you are complying with the Data Protection Act and preparing for the new Regulations.

The main changes of the General Data Protection Regulations are as follows:

  • In cases of data breaches, for example an accidental loss of data, organisations must notify the relevant data protection authority without undue delay and where possible no later than 72 hours after the breach. Data subjects must also be informed without undue delay about breaches that could pose a high risk to their rights and freedoms.
  • A subject may request that their data is deleted if there are no legitimate grounds for retaining the data. This is known as the ‘right to be forgotten’ or ‘right to erasure’.
  • When a subject’s consent is required, they must be asked to give it by means of a clear affirmative action, such as a written statement. Silence or inactivity is not a sign of consent.
  • In regard to subject access requests, employers can no longer charge a fee. The only exception to the general rule is if the request is “manifestly unfounded or excessive”. The employer must respond within one month. This may be extended in certain circumstances, for example, if the employer has to deal with a particularly complex issue.
  • Organisations must appoint a ‘data protection officer’ if they process sensitive personal data on a big scale, or regularly and systematically monitor data subjects on a large scale.

The clock is now ticking, so make sure you are getting ready for the changes highlighted above. The ICO has prepared 12 steps to take in preparation for the Regulations next year, but if you have any concerns about data protection, contact your Employment Law Adviser who can guide you.

Find what you were looking for?

Our FREE resources library contains over 200 searchable blogs, guides and templates focused around Employment Law and Health & Safety issues that employers face on a day-to-day basis.

Get your FREE download

We combine the service quality of a law firm with the certainty of fixed-fee services to provide expert, solutions-focused Employment LawHR and Health & Safety support tailored to employers.

Call us on 0345 226 8393.

Get your FREE download

We combine the service quality of a law firm with the certainty of fixed-fee services to provide expert, solutions-focused Employment LawHR and Health & Safety support tailored to employers.

Call us on 0345 226 8393.

Before you go…

We can help with that HR problem or health and safety query. If you’re an employer, leave your details below and our team will call you back.

Register your interest

Submit your details and one of our team will be in touch.

Get your FREE consultation

Submit your details and one of our team will be in touch.

Download your FREE guide

Submit your details below.

Request a callback

Submit your details and one of our team will be in touch.

Need some help?

Call our team now on:

01244 668 182

Request a Callback

Submit your details and one of our team will be in touch.

Request a Callback
Hi, how can we help?
Click the button below to chat to an expert.

Get your FREE consultation

Submit your details and one of our team will be in touch.