GDPR: 11 steps to take
26 July 2018
The data protection landscape has changed. The EU General Data Protection Regulation (“GDPR”) came into force on 25 May 2018.
The GDPR has introduced a number of changes to data protection law, including:
- expanding the territorial scope of data protection laws;
- increasing the penalties for transgressions from a maximum of £500,000 under the old law to up to €20,000,000 or 4% of worldwide turnover, whichever is higher; and
- radically changing the processing, recording and other compliance obligations of businesses.
British businesses can’t count on Brexit to let them off the hook. The GDPR is directly applicable law until the UK leaves the EU. Even after Brexit the regime will remain in force through the Data Protection Act 2018. It seems then that the new data protection regime is here to stay.
Lots of businesses have already made major changes in order to navigate the new data protection landscape, but some are still in the process of getting their compliance programme in place. We’ve set out here some key things to consider in the post-GDPR world.
Heathrow fined over data breach
09 October 2018
The Information Commissioner’s Office (“ICO”) has made a civil monetary penalty order for the sum of £120,000 against Heathrow Airport Ltd (“HAL”) after a lost data stick containing the sensitive personal information of a number of staff members was found by a member of the public.