25 May 2018, a day that may already live in infamy due to the sheer volume of commentary around the introduction of the EU General Data Protection Regulation (GDPR), the most significant update and expansion of data protection law since the introduction of the Data Protection Act back in 2000.

As much as we would like to tell you that Brexit will mean that you do not have to worry about complying with this new set of rules, the GDPR will come into force way before the UK can leave the EU, even on the most optimistic prediction. Given that the new Data Protection Bill 2017 currently passing through Parliament transposes its provisions into UK law and even expands upon them, there is no option other than to get down to asking some fundamental questions about where your business obtains data from and how that data is used.

Awareness of data protection legislation has historically been pretty low in the UK, and many businesses have seen compliance with the current regime as more of a luxury than a priority. Although we have seen some high-profile breaches, and equally high-value fines handed out in extreme cases, the ‘one-size-fits-all’ compliance model policed by the Information Commissioner’s Office (ICO) has seen many businesses, notably SMEs, view privacy concerns and the likelihood of a claim or regulatory sanction against them as simply another example of EU-led red tape with which they will comply through gritted teeth.

Apr-Jun 2018 issue