The year 2018 (which yes is only 4 months away), is set to bring about fundamental changes within the sphere of data protection. These changes will completely alter the way in which personal data will be processed including, the mechanics in which such data is managed and in addition, the penalties associated with a breach of the incoming laws. The changes will be implemented by way of the EU General Data Protection Regulation.

Some of the changes being implemented by the GDPR include (amongst other changes) the following:

• Data controllers and processors will now need to appoint data protection officers (DPO) (where specified conditions are met) in order to advise organisations upon their duty to comply with the GDPR and offer a supervisory function;
• Strict conditions upon the lawful processing of data;
• An extended definition of consent;
• The introduction of heavy fines (i.e. the higher of 4% of annual worldwide turnover or Eur20 Million;
• The requirement to report data breaches within 72 hours; and
• To more generally, bolster the rights of individuals where their personal data is being processed.

The Government has, in preparation for the change, published a Statement of Intent (SoI) in relation to the UK Data Protection Bill (the “Bill”). The SoI sets out three objectives that will be achieved by the Bill including the following:

• Maintaining Trust – the public need to know that their personal data is safe;
• Future Trade – the flow of information between the EU and UK should continue without interruption; and
• Security – the ability to collect, share and process personal data for the purpose of security and law enforcement.

The SoI therefore sets out in clear terms, the objectives of the Bill and also provides that the UK will be utilising the flexibility provided by the GDPR in respect of how member states implement the GDPR. The SoI sets out that the UK Government is certainly taking the GDPR seriously and intends to implement it in a structured manner. The Bill itself is due to be published in September 2017 and we will look to provide specific guidance on the basis of the draft.

What remains vital at this stage is that employers, do not underestimate the importance of the GDPR and the need to prepare for its implementation. In the first instance, employers should look to conduct general data protection health checks in order to understand the current procedures that are in place. These procedures will need to be reviewed and potentially amended in preparation for the implementation of the GDPR ad subsequently, the Bill.

Should you have any questions surrounding the GDPR and its impact upon your business, please contact your Higgs Advisor.