General Data Protection Regulation (GDPR)
On 25 May 2018, two new pieces of legislation became effective in the UK: General Data Protection Regulation (GDPR), and Data Protection Act 2018.
This new regime of data protection law re-enforced and tightened the fundamentals in place under previous laws (like the Data Protection Act 1998) and also added more rights for individuals and obligations on companies.
This change in law has been given so much publicity and attention particularly due to the increased penalties attached to breaches (up to €20 million or, if greater, 4% of the previous year’s global turnover), but it has been embraced by many companies as an opportunity to “clean house” of out-dated or unused data, adopt consistent approaches across the European Union and deliver more productive marketing lists.
As the new laws are already on the “statute book” in the UK, BREXIT should not have an immediate impact on data protection law (subject to the consequences of an Exit Deal).
Companies therefore have some certainty over the immediate future and what actions must be taken to obtain and maintain compliance with the new data protection laws.
If we can assist you in how your company uses data in relation to the new laws or associated rules (such as the Direct Marketing laws), please let one of dedicated Contracts & Technology team know.