Prepare now for changes in data protection that will affect all firms

Prepare now for changes in data protection that will affect all firms

If you haven’t already started, time is running out to prepare for the biggest change in data protection in a generation with the implementation of the European Union’s General Data Protection Regulation (GDPR).

On May 25, 2018, the GDPR will replace the 1998 Data Protection Act and 1995’s Data Protection Directive 95/46/EC following a two-year post-adoption period. The GDPR is designed to harmonise data privacy laws across Europe, protect and empower citizens’ data privacy, and reshape how organisations deal with data privacy.

Any company handling data that relates to EU citizens will have to comply with the new regulation or face financial penalties.

The GDPR applies to all organisations working within the EU and also to those outside EU borders who provide products and services to customers within the EU.

Despite the British Government currently negotiating the UK’s department from the European Union, it will implement the GDPR on May 25 along with the other 27 members of the EU.

Controllers and processors

Personal data means data relating to a living person who can be identified from that data or from data combined with additional information held by the person controlling the data. It covers names, addresses and telephone numbers and, to reflect the changes in the last two decades in a reflection of how we share our information, it also includes IP addresses and other online identifiers.

So, what does the GDPR mean in practical terms? The regulation divides companies into two brackets – controllers and processors. Controllers say how and why personal data is collected; processors use that information on the controllers’ behalf.

Processors will be legally obliged to maintain records of personal data and any tasks involved in processing data. Controllers must ensure all contracts with processors comply with the GDPR.

The GDPR will place specific legal obligations and liabilities on processors, such as maintaining records of personal data and processing tasks. Controllers will also be required to ensure all contracts with processors comply with the GDPR.

Introducing effective controls

The biggest change is that data collectors and controllers will have to regard the information they have as simply on “loan” from the customer. It is no longer an asset but, in fact, a liability. This means a cultural change in how companies handle the data they collect.

The GDPR introduces the principle of “accountability” – firms will have to carry out risk assessments on their data controls by examining what they intend to do with the data they collect and mitigating the risk of breaches or theft of personal information, among other responsibilities.

Some larger organisations may need to appoint a data protection officer where they collect data on a large scale that needs to be monitored regularly.

Other changes include:

  • Companies must ensure they only collect information specific to the service they’re providing;
  • Use accessible language to ensure customers gives their consent;
  • Notify the authorities of a data breach within 72 hours;
  • The “right to be forgotten” is enshrined where the subject can have his or her personal data erased and insist there is no further use of the data by any third party;
  • Privacy by design where data protection is part of a system’s core design rather than an addition.

Companies that do not comply with the GDPR will face financial penalties. The maximum fine is 4 percent of global turnover or £20 million, whichever is greater, with fines of 2 percent levied for not having records in order or not reporting a breach, for example.

Help on implementation

The General Data Protection Regulation will be covered in full detail at the next Inside Conveyancing & Legal Update conference in Leeds on April 24 when Jody Evans, Business Development Director at Legal Eye, will discuss how to prepare for its implementation. Book your place now.

This article was submitted to be published by Searches UK as part of their advertising agreement with Today’s Conveyancer. The views expressed in this article are those of the submitter and not those of Today’s Conveyancer.

Searches UK

https://www.searchesuk.co.uk

Searches UK is one of the country's leading Conveyancing Search providers.  Founded on the idea that you can combine first-class service with accurate and reliable conveyancing searches without having to compromise, it is our goal to ensure you get the results you need quickly and efficiently. We offer the full range of conveyancing searches, for both residential and conveyancing transactions, which can be ordered along with our Buyer Protect Scheme if required, ensuring that your clients benefit from our unique reimbursement scheme and are protected from some of the associated costs, should the transaction not complete.  We also offer a wide range of title insurance and indemnity policies and can provide fast turnaround times on EPCs, AML ID checks, Asbestos Surveys and Fire Risk Assessments too. All our searches are backed with fully comprehensive PI insurance, giving you complete confidence and peace of mind. We don't use call centres, so when you choose Searches UK, you get direct dial access to one of our skilled conveyancing search specialists, who will have the knowledge and expertise to ensure you get the most accurate results possible at the best value for money. At Searches UK we understand the difficulties you face in dealing with your risk and compliance obligations and we have ourselves been applauded by Legal Eye for having extremely robust systems in place.  In July 2012 we became the first search provider to have been awarded the Legal Eye Quality Standard. As well as being an appointed representative of First Title Insurance plc, which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 202103.


Contact: Searches UK Tel: 01273 776625 Email: info@searchesuk.co.uk Address Unit 2, Gemini Business Centre, 136-140 Old Shoreham Road, Hove, East Sussex, BN3 7BD    

Leave a Reply

Your email address will not be published. Required fields are marked *