Organisations that have had a ‘lackadaisical attitude’ so far to the data protection overhaul scheduled to take effect next May ‘have a lot of work to do’, lawyers have warned.
Once the General Data Protection Regulation (GDPR) comes into force, non-compliant organisations that commit a serious breach risk fines of up to 4% of their annual worldwide turnover for the preceding financial year or €20m (whichever is greater). The current ceiling on fines for data protection violations is £500,000.
The GDPR will impose significant obligations on organisations that process personal data, and will create numerous challenges. These range from an obligation to demonstrate consent and the new right to be forgotten to the requirement on all public bodies to appoint a data protection officer.
In the first of a four-part series in NLJ on the General Data Protection Regulation (GDPR), Rollits specialists David White, senior solicitor, and Tom Morrison, partner, explore why the current data protection legislation needed updating and provide an overview of some of the key changes being introduced.