Data Protection is Changing - Are You Ready?


Data Protection is Changing - Are You Ready?


MAY 2017

Whilst it has now been confirmed that we will have left the EU by the end of April 2019, this does not mean that impending EU legislation which is due to be implemented in EU member states will not be implemented by the UK. One such upcoming regulation is the General Data Protection Regulation (GDPR) which is due to be implemented on 25 May 2018.

The GDPR will replace the existing EU Data Protection Directive on which the Data Protection Act 1998 is based. The GDPR is directly applicable in each member state which means that national legislation is not necessary. The benefit of this is that, without national interference the data protection rules for all EU member states will be the same, and therefore, it should mean that compliance with the rules is easier to adhere to.

What you need to know about GDPR?

Whilst the underlying concepts and principles of the GDPR are the same as those under the current EU data protection legislation; there are some new concepts introduced and several key changes which you will need to prepare for by May 2018. Those changes include:

  • Extending the scope of the data protection regulations to businesses outside the EU who operate within the EU;
  • Enhancing and tightening the rules on consent; Enhancing the rights of Data Subjects and introducing new concepts such as the ‘right to be forgotten’ and the right to request data transfer to a third party (data portability);
  • New reporting requirements for breaches of the Data Protection legislation;
  • The introduction of the concept of Privacy by Design and the need to include data protection in your plans, policies and procedures from the outset;
  • The requirement for Privacy Impact Assessments to be produced in high risk situations;
  • The introduction of tougher sanctions for breaches of the Data Protection legislation;
  • The introduction of a requirement for Data Protection Officers to be appointed in public authorities and organisations conducting high risk activities.

Whilst the above key changes are by no means the full extent of the changes introduced by the GDPR, they are a snapshot of some of the most important changes that your business needs to be aware of.

For most UK business the change likely to have the biggest impact is that relating to consent. Under the GDPR consent must be informed and must be given by an affirmative action. Silence, pre-ticked boxes and/or inactivity will not be sufficient. Furthermore, these provisions will apply to data acquired prior to the GDPR coming into place as well as data to be acquired after April 2019.

One key effect of this will be the need for businesses to review the data which they currently hold to determine what consent, if any, they have in respect of that data. Where any consent has not been fully informed, or expressly given, the business will need to consider deleting that data or contacting the data subject to get express informed consent, that is unless one of the other lawful processing conditions applies. The impact of this on such things as marketing databases could be significant.

If you would like more detailed information in relation to the GDPR and how this will affect your business please do not hesitate to contact a member of our Data Protection Team.

If you are interested to speak to our team on Data Protection and issues affecting your business, please contact James Howarth and Simon deMaid in the first instance who will be able to assist you.


Keep me informed

Fill out this form to receive updates, newsletters and invitations to seminars and events relating to the East West Corridor. We will never give your details to any third parties and you can unsubscribe from our communications at any time by clicking the “unsubscribe” link at the bottom of email communications. Your personal data will be processed in accordance with Howes Percival LLP’s privacy policy, which can be found here.

Fields marked with an * are required.


We know you're busy. But you still want to be informed with all things relating to the East West Growth Corridor. Sign up to get the latest news, reports, and thought leadership from our East West Corridor Team delivered directly to your inbox.

Howes Percival LLP is a limited liability partnership registered in England and Wales with registered number OC 322781 and is authorised and regulated by the Solicitors Regulation Authority. A list of members’ names is open to inspection at our registered office: Nene House, 4 Rushmills, Northampton NN4 7YB. © Howes Percival LLP

The information about legal matters is provided as a general guide only and should not be relied upon or construed as constituting legal advice and Howes Percival LLP disclaims liability in relation to its use. You should seek appropriate legal advice before taking or refraining from taking any action.

Web Design | Development & SEO by 123 Internet Group