On 25 May 2018, data protection law changed significantly with the introduction of the EU General Data Protection Regulation (GDPR) and UK Data Protection Act 2018.

Key changes under these laws affect almost all businesses. The rights of EU citizens to control their personal details have been enhanced and new unified obligations have been placed on those dealing with personal data. However, even though the deadline has passed, this is not the end of the compliance journey and organisations must continuously act to ensure they fully comply with the rules.

Previous data protection legislation (the Data Protection Act 1998 in the UK) was based on the Data Protection Directive of 1995 (the 1995 Directive) which set out key legal principles for dealing with personal data. For the past 15 to 20 years, these principles have been adopted in national legislation throughout the EU Member States in different ways, resulting in a disjointed approach to data protection in Europe. The GDPR replaced the 1995 Directive and is directly applicable in every EU Member State. This means there is now a single set of rules to avoid contradictory approaches across the EU.

Data Breach Response Helpline

Data breach reporting is now mandatory in many cases. If you believe your business may have suffered a personal data breach and/or something goes wrong, MacRoberts' Data Breach Response Team is on hand to guide you through the response process. For fast and effective assistance, please call our helpline on 0300 303 1019.

    • GDPR Go to jail, move directly to jail, and do not collect any personal data Last week, the Information Commissioner’s Office (ICO) – the UK data protection authority – brought proceedings against a motor industry employee who had been accessing personal information from customers without permission. The resulting sentence was six months in prison.
    • GDPR The right not to be subject to automated decision making – the implications for your business By virtue of Article 22 of the GDPR, individuals have “the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.” In this e-update we explore this provision and consider the potential implications for your business.
    • GDPR Data Protection, Privacy & Cyber Security Compliance Data protection law changed significantly in May 2018 with the introduction of the GDPR and UK Data Protection Act 2018. The 25 May 2018 deadline has passed – does this mean we can forget about data protection?
    • GDPR English court decides there is no automatic right to compensation for data breach victims Justice Warby of the Judiciary of England and Wales recently handed down his judgment in the case of Lloyd v Google LLC, which denied permission for claimants to bring a class action against Google for a breach of the Data Protection Act 1998 known as the “Safari workaround.” This decision, although taken under the “old” data protection rules, may also have consequences for any subsequent actions taken under the new data protection legislation – the GDPR and the Data Protection Act 2018.
    • GDPR The new data protection fee – ICO cracks down on non-payment! The Information Commissioner’s Office (ICO) has recently issued 34 enforcement notices to organisations who have failed to pay the new data protection fee under the GDPR and Data Protection Act 2018 (DPA 2018).

Data Protection & Cyber Security

Cyber security and key changes under the GDPR and UK Data Protection Act 2018 affect almost all businesses. Our online hub contains a wealth of information and insights on what your businesses should be doing to ensure full compliance with the law.

Latest updates from @MacRoberts