By Michael Burd and James Davies Thursday, 25 February 2016

Flickr/perspecsys.com

Flickr/perspecsys.com

Get ready for the new EU data protection law

WORKPLACE RIGHTS: Businesses need to start planning now for the 2018 data legislation as the financial penalties for non-compliance are steep.

Political agreement has been reached on an EU-wide data protection law designed to create a 'one-stop shop', with a common set of rules applying across the continent. This will effectively replace the UK's current Data Protection Act.

The law bites on any area in which a business processes data on individuals (eg, customers, suppliers, users of a website). But it is probably in relation to employees that businesses process most data, in terms of both its range and quantity.

Importantly, the regime is backed up by a much fiercer penalty regime than presently applies. The maximum penalty for non-compliance will be 20m or 4% of an undertaking's worldwide turnover, if that is higher. This is likely to focus minds at board level in most organisations.

While the new legislation will not be implemented until 2018, extensive forward planning and preparation will be required. From the top down, organisations need to embrace a culture of taking data protection responsibilities seriously and should start identifying the policies, processes and training they will need to put in place to ensure compliance.

Michael Burd and James Davies work at Lewis Silkin LLP solicitors. Email them at: employment@lewissilkin.com

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus