Data protection law overhaul – are SW firms ready?

News Desk
Authored by News Desk
Posted Wednesday, February 15, 2017 - 8:44am

Devon businesses could risk seven figure fines by falling foul of new data protection rules, according to a local expert. A survey carried out at the recent Cyber Security Awareness Week in Exeter showed that none of the attendees were ready for the new law, with half yet to take any action to prepare.

The General Data Protection Regulation 2016 (GDPR) will come into force in 2018, bringing major changes to the data protection laws, along with fines of up to two million Euros or 4% of worldwide turnover. The UK is a leading the way on data protection and the government has confirmed the GDPR will apply in the UK in full despite the recent Brexit vote.

Jowanna Conboye, solicitor at Stephens Scown LLP and a specialist in data protection law said: “While many local businesses are getting ready for the data protection changes, some have yet to get off the mark. This needs to be one of the key priorities for businesses this year. Although the law does not come into force until next year, some businesses will need to make major changes to their systems and procedures to be compliant and they need to start now.

“We asked attendees at a recent Cyber Security seminar if they were ready for the new rules and none of them were. Half had started getting ready, but half had yet to take any action. This was a small sample, but from my experience it is representative of the wider business community in the South West, where awareness is low about the scale and impact of the new changes.”

Along with the increase in the fines which can be imposed, GDPR will apply to data processors for the first time. The new rules will also make it harder for businesses to obtain consent to use data, removing the current allowance for “implied consent” and instead requiring unambiguous consent. Businesses will also need to get a customer’s consent for customer profiling and will need to conduct Privacy Impact Assessments.

Jowanna adds: “The impact of GDPR will be huge. Businesses will need to audit their existing processes and change the way they collect, store, use and share data. However, the law will also bring opportunities and I’ve found that businesses who have started auditing the data they hold, have all found that they end up with better data which gets a better response from their marketing efforts.”

Stephens Scown has over 290 staff, including more than 50 partners, across its offices in Exeter, Truro and St Austell. It was named UK Law Firm of the Year at the British Legal Awards 2016. For more information visit www.stephens-scown.co.uk

Share this