The changing landscape of data protection legislation

Business and Regulation

Clare Copas


Clare Copas

The changing landscape of data protection legislation

For the past twenty years we have been living in the age of the digital revolution.

With the growth of the internet, social media and the sophistication of technology, our lives have changed significantly. From how we communicate, travel, shop and conduct business, digital advances have certainly brought convenience to our lives.

There is however a cost to that convenience, which is our privacy; a priceless commodity, particularly when it falls into the wrong hands. The digital era has also seen how personal information can be subtly exploited by technologies such as internet applications, smartphones and wearable devices. The growing concern regarding the continual abuse and exploitation of personal information has led to the greatest shakeup in data protection legislation in decades.

25th May 2018 sees the implementation of the EU General Data Protection Regulation (GDPR), which introduces sweeping changes as to how privacy is protected throughout Europe. GDPR has significant implications and effects for the corporate world and the individual. The legislation recognises the individual’s fundamental right to privacy and forces businesses and organisations to respect that right to privacy in how they collect and process personal information. Financial fines of 4% of turnover or €20,000,000 (whichever is the greater) will be introduced, together with harsh sanctions in the event that businesses and organisations get things wrong. It will definitely not be business as usual after 25th May 2018.

GDPR will impact on all business owners and organisations who are involved in the collection and processing of personal information; from the Sole Trader to the global corporate and encompassing all those in between. The new legislation changes how these companies and organisations must handle and protect employee, customer and client personal data. Numerous policies and procedures will be enforced, many of which are mandatory such as detailed privacy statements, comprehensive record keeping data breach reporting (within 72 hours of discovery) and data breach logging. Business owners and organisations are also legally required to have appropriate operational and technological policies, procedures and systems in place to safeguard personal data. Failure to demonstrate that these policies and procedures exist will result in attracting the unwelcome attention of the Data Protection Regulator who has powers to potentially close a business.

The new legislation greatly favours the privacy rights of all individuals. Existing data protection rights are greatly enhanced and individuals’ are afforded additional powerful rights as to how their personal information is collected and processed by the business community. One of the major changes that will be introduced with GDPR is that from 25th May 2018 an individual will have the right to legally sue any company or organisation should their data be compromised or breached in any way. This will have a major impact on the business world as they will also face investigation, potential financial fines and sanctions from the Regulator, resulting effectively in a double whammy!!

As the countdown to GDPR implementation date draws closer, businesses and organisations should already be preparing for the seismic changes in data protection legislation. For those who have yet to commence their preparation, get that roadmap implemented today!. The preparation process is challenging and time consuming. It is crucial that businesses and organisations become aware of their GDPR responsibilities and then conduct an holistic overview of all the data processing activities that the business is involved in. Preparation should include comprehensive audits, and reviews of existing policies, procedures, systems and data categorisation. In the event that any data processing activities are outsourced to vendors or Third Party Stakeholders, thorough due diligence should be conducted to ensure they also meet GDPR accountability requirements. Adequate time should be allowed for the testing and implementation of new systems, policies and procedures before 25th May 2018.

Is your business ready to meet the deadline?

For support and guidance on GDPR preparation you can contact the writer at

Authored By Clare Copas “PCdp”

MonClare Data Protection Consultancy

Phone: 087 4616012