Businesses Unclear About Ways to Protect Themselves Ahead of GDPR Changes

18 January 2018


Local businesses are still unclear about the opportunities to protect themselves ahead of the forthcoming implementation of the General Data Protection Regulation (GDPR) on 25th May 2018, according to a legal expert on the far reaching legislation.

Clare Bates, legal consultant at Carson McDowell, was speaking at the first of the firm’s five GDPR workshops which took place today at The Mac in Belfast.

With GDPR, failure to notify the Information Commissioner's Office (ICO) of a personal data breach when required to do so could result in a significant fine of up to €10m or 2 percent of your global turnover, whichever is the greatest. The fine for a personal data breach could be up to €20m or 4 percent of global turnover, whichever is higher.

The fines will be imposed on a case by case basis and they will be ‘effective, proportional and dissuasive.’

Ms Bates said: “We see GDPR as the most exciting change in the field of data protection law for over 20 years. We also recognise that such a wide ranging legal shift is making businesses anxious and we want to provide advice so that they can respond effectively.

“With the rapid growth of the digital economy a vast amount of personal information is held online and by organisations. The law has to keep up with the fast pace of technology and this regulation will support that. Fines will be implemented not only for data breaches, but also for failure to have the right processes in place.

Ms Bates said that many businesses don’t realise that in addition to updating policies and procedures internally, organisations can also insure themselves against a fine.

Harry Weir and Jo Cracknell from leading global advisory, broking and solutions company Willis Tower Watson also spoke at the event to offer practical advice on how to prepare for the changes.

Mr Weir said: “Insurers will expect several actions to have been completed before they will provide cover for GDPR fines. A business must be correctly registered with the ICO in the first instance. There must be a designated person appointed within a business who is responsible for compliance with GDPR. Additional activity should also take place to update your policies and procedures, educate your workforce and raise awareness throughout the organisation.”

Ms Bates concluded: “The response to our workshop series has shown that businesses are taking this issue seriously. GDPR provides a real opportunity to improve the service that you offer and the way that you manage personal information at every level of your organisation. There is still time to register for our other four workshops which take place between February and April.”

For further information on Carson McDowell’s GDPR seminars please email [email protected].