Client Relationship Liaison Officer, Crowley Solicitors
It is widely recognised among privacy professionals that the European Union’s General Data Protection Regulation (GDPR) is the most significant privacy legislation in many years, perhaps decades. GDPR awareness is now spreading beyond privacy conferences to the boardroom because of the regulation’s broad scope, contractual and operational impacts and eye-watering fines of up to €20 million or 4% of an organisation’s previous year’s worldwide turnover.
Here is what you can expect in greater liability exposure with the GDPR, especially in connection with processing personal and sensitive personal data:
- The GDPR significantly adds to the protections for EU data subjects afforded by the existing Data Protection Acts 1988 – 2003 and the EU Data Protection Directive, which it will replace, while authorising record-level fines for non-compliance up to a maximum of €20,000 or 4% of annual global revenue of the previous financial year, whichever is the higher, for certain violations and up to half those amounts for other violations.
- Under Article 32, both controllers and processors are required to ‘implement appropriate technical and organisational measures’, considering ‘the state of the art and the cost of implementation’ and ‘the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons’.
- The GDPR makes data controllers liable for the actions of their processors and responsible for compliance with the regulation’s personal data processing principles. Consequently, just as data controllers will be looking to make changes to become compliant before the regulation’s effective date, so too will they need their data processors to demonstrate compliance.
- For organisations engaged in handling employee data, e-marketing, international transfers, third-party vendors and the large-scale use of big data or special categories of data, GDPR compliance is a business must. Why? Because a data controller will find it easier and less risky to require each processor and its permitted sub-contractors to abide by the more stringent GDPR framework for all data being processed and will implement its processing oversight accordingly. In addition, GDPR readiness mitigates exposure under the penalties section of the GDPR in the event of a breach of legal obligations.
- Here at Crowley Solicitors, we have been making changes to be in compliance with the GDPR and are excited about the opportunity it presents to us to showcase our leadership in securing and properly treating the personal data which our clients entrust to us. We are also looking forward to the opportunity to help our clients meet the GDPR challenge by offering them GDPR compliance-enabling tools and sharing best practices as we move forward.
For further information on how you can make your organisation GDPR fit, please contact Tracy Walsh, email@example.com or +353 21 4289560