Network Communications News (NCN) June 2017 | Page 11

TALKING POINT T ‘The huge growth of the digital economy in recent years requires a more robust legal framework to ensure public confidence in the protection of information.’ ough new EU laws mean businesses could be liable for fines of up to £17m or four per cent of their worldwide turnover. Many organisations across the public and private sectors are not prepared for the changes. GDPR comes into force on 25th May next year and all organisations which retain or process personal information will need to comply. Blake Morgan has launched a free guide on its website to mark the one-year countdown to GDPR. Data protection specialists at the firm have been alerting clients to the new rules in how they handle personal data – including the ‘right to be forgotten’. We are now less than a year away from a major shake-up of information governance laws at a European level and it’s fair to say that many businesses and public sector organisations are underprepared. The huge growth of the digital economy in recent years requires a more robust legal framework to ensure public confidence in the protection of information and organisations now need to adapt to these higher standards. It is not only reputation that is at stake for failure to comply as there will be a significant increase in monetary penalties. Our data protection and regulatory experts have carefully devised this guide which highlights the most important actions organisations should take to comply and I would urge decision-makers to take a look. Blake Morgan has offices in Cardiff, London, Oxford, Portsmouth, Reading and Southampton and it is important that businesses and public bodies act now to understand the regulations and implement measures for compliance. Our report GDPR: A Practical Guide to Achieving Compliance gives detailed and informed analysis on key changes on the way, including businesses being liable for fines of up to £17m or four per cent of their annual worldwide turnover (whichever is greater) for data breaches and organisations having just 72 hours from the discovery of a breach to report it. Among the action points in the guide are: R eview customer-facing terms and privacy policies. These are likely to need substantial revisions to meet the new requirements; D ecide whether a Data Protection Officer needs to be appointed in-house. Alternatively, explore whether you could outsource the role; R eview contracts with processors to ensure they have robust provisions around record-keeping; E nsure that the risk of penalties for non-compliance are fully understood at board level; and I f y o u co l l e ct i nfo r m at i o n a b o u t c h i l d re n t h e n y o u m a y n e e d a p a re nt o r g u a rd i a n ’ s co n s e nt to p ro c e s s t h e i r d ata l aw f u l l y . C o n s e nt m u s t b e ve r i f i a b l e a n d p r i va c y n ot i c e s m u s t b e w r i t te n i n l a n g u a ge t h at c h i l d re n w i l l u n d e r s ta n d . Blake Morgan is the only law firm accredited to provide the BCS Certificate in Data Protection course, which is an intensive five-day course leading to a professional qualification (on successful completion of an externally marked exam). The qualification is ideal for anyone with data protection responsibilities, particularly those taking on the Data Protection Officer role under the GDPR. Blake Morgan’s lawyers of fer both a star t-to-finish consultancy p a c ka ge fo r a c h i ev i n g co mp l i a n c e a n d a co m p lement of i n d i v i d u a l se r v i c e s to target k n ow n a re a s of co n c ern . Despite the Brexit negotiations, the government has confirmed that the UK will be implementing the new rules in full and there are good reasons for assuming that the UK will continue to apply European standards for data protection for many years to come. Blake Morgan’s data protection and regulatory experts are available to answer questions from organisations about GDPR at [email protected]. For further information visit www.blakemorgan.co.uk/GDPR June 2017 | 11