The General Data Protection Regulation (GDPR) becomes law with direct effect on 25 May 2018 and will affect all organisations.
It is the most far-reaching reform of data protection law in over three decades and will replace the Data Protection Act 1998 in its entirety. Brexit is unlikely to have any long-term effect on the shape of future data protection laws in the UK, so all organisations must begin planning for compliance now if they haven’t already!
Key reforms include:
- a change in culture – you need to consider the data protection aspects of everything you do “by design” and “by default”;
- compulsory notification of data security breaches to the Information Commissioner’s Office;
- tighter rules relating to data subject consent and provision of privacy notices;
- increased risks and liabilities if you contract out any data processing activities to other parties; and
- significantly greater financial and other penalties for not complying with the GDPR.
View our 'GDPR Strategy Guide' to see how we can help.
"Shrewsbury House School Trust have found the Barlow Robbins’ Platinum Service a most effective support tool in their preparation for compliance to GDPR. The training, the audit questionnaire and related resources provide a comprehensive and easy structure to follow which enables everyone to identify matters that require attention in a logical and manageable way."
Mrs Jan Hand, Director of Communications & Compliance, Shrewsbury House School Trust
"In looking at the GDPR we needed a legal advisor that would help us understand how the GDPR applied to our specific context. Barlow Robbins was able to provide that advice in an informed and accessible way."
William Kenny, Assistant General Counsel – Asia, Compassion International Inc.