All businesses collect and hold vast quantities of data about their customers and employees. That data is an important asset: many businesses rely on it to continue operating, and it can be a crucial aspect of valuing a business.
Data protection law aims to strike a balance between an individual’s right to privacy and the ability of organisations to use information about an individual for the purpose of their business.
In practice, this means that it is essential that all businesses have in place robust arrangements (both internal policies and procedures and contracts with their suppliers) to avoid data being lost, stolen, misused, damaged or destroyed prematurely. Any such incident could result in a large financial penalty, severe damage to the reputation of a business and a loss of confidence in it by its customers, employees and shareholders, as well as claims for compensation.
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and replaced the Data Protection Act 1998, which regulated the use of an individual’s personal data.
The significant increase in fines that can be imposed under the GDPR for non-compliance should be a huge incentive for businesses to ensure they are compliant. For some breaches (for example those involving international transfers of personal data or failing to meet the conditions for processing data, such as obtaining valid consent), a business could be looking at a fine of up to 4% of annual worldwide turnover or EUR200 million. Other breaches could lead to a fine of up to 2% of annual worldwide turnover or EUR10 million.
Whilst businesses that currently comply with the Data Protection Act 1998 will have a good head start, the GDPR brings some significant changes, which businesses need to prepare for.
We can help by: