On Friday 25th May next year the UK’s 1998 Data Protection Act (DPA) will be replaced with the EU’s General Data Protection Regulation (GDPR). While there are some questions regarding whether GDPR will still apply to the UK after Brexit, it is highly likely that GDPR will be converted to UK law through the Great Repeal Bill.
So what is the GDPR?
The GDPR is Europe’s new framework revolving around the storage and handling of an individuals data. It will be enforced by the Information Commissioner’s Office (ICO), and provides new rights for people to access and have a say about the information that companies hold about them.
How does this affect me?
According to the ICO, GDPR is likely to affect anyone previously subject to the DPA, whether they work for a large multinational company or an SME. The new regulations will also provide the ICO with the power to exercise fines much higher than the £500,000 penalty they can currently give out. In fact, smaller offences could result in fines of up to €10m or 2% of the firm’s global turnover (whichever is greater), whereas serious offences can be up to €20m or 4% of their global turnover (whichever is greater). To put that into perspective, fines for data breaches last year would have been 79 times greater if GDPR was applied.
With recent high profile cyber-attacks highlighting the cost of data protection breaches, it’s important to wise up on safeguarding methods, and with the ease and sophistication of data collection currently employed by all businesses, ignorance will be no easy defence for compliance failure.
Meet our chair
Lynn Wyeth – Information Governance Manager for Leicester City Council
With over 10 years’ experience as a practitioner, Lynn holds a postgraduate diploma in Information Rights and the Certificate in Security Management Principles, as well as being an accredited HSCIPP privacy practitioner.
With previous experience working as an MP and MEP’s political assistant, Lynn moved to her local council where she now oversees the Council’s Information Governance agenda, including data protection, freedom of information, information sharing, RIPA and CCTV.
Lynn is also the author of two books, A Practical Guide to Handling Freedom of Information Requests and Data Protection: Compliance in Practice. Along with helping health organisations with their information governance procedures, Lynn’s vast experience makes her the ideal chair for our Understanding Data Protection & GDPR workshop. There she will discuss a range of issues including the ICO and DPA, privacy and information sharing, effective data protection culture and managing data risk, as well as fielding any questions you may have.
Do you have a team of staff at your organisation who would benefit from Data Protection and GDPR training? We also offer this course as a highly flexible In-House training session, delivered direct to your organisation on a date to suit you. Contact our In-House Training team on [email protected] to find out more.