Ironbridge
Helping hands
Oak tree rings
Rowing boat
 
01743 248148
reception@pcblaw.co.uk
   
 
 

Happy Birthday! GDPR and Data Protection 1 year on

Following 12 months since the implementation of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018), we look at the impact of the regulations. Like the millennium bug before it, GDPR has been and gone and the Data apocalypse failed to materialise. However, for those not listening to the scaremongering the Information Commissioner's Office (ICO) stated that this was an evolution not a revolution.

What has changed?

GDPR and DPA 2018 did bring about some significant changes to data protection, but they also reaffirmed the requirements set out in the Data Protection Act 1998 (DPA 1998).

One of the biggest changes has been consent. Under the GDPR, marketing consent must be explicit and an opt in process. The burden of proof to show consent has shifted to the Data Controller and businesses will now need to prove consent wasn’t required due to legitimate processing conditions being met.

Another change has been fines and claims. Under the DPA 1998, fines were a maximum of £500,000. Under the GDPR, businesses are now subject to fines of between 2-4% of their previous year’s annual turnover.

Claims by individuals for data breaches now only need to show ‘harm' rather than actual financial loss, which is a much lower evidential burden than under the DPA 1998.

Under the DPA 1998, individuals had the right to request a copy of their data known as a Subject Access Request (SAR) on payment of a fee. Under GDPR SAR’s no longer require a fee. In addition, individuals now have a right to have their personal data transferred, the right to rectification, and the right to erasure.

These are just some of the changes implemented by GDPR and the DPA 2018, which businesses should be implementing in addition to assessing their compliance with data protection.

Our head of Employment and Dispute Resolution Ryan Bickham states: ’12 months on from the GDPR implementation the fear of small businesses being hit with massive fines was an exaggeration, however this should not mean businesses should be complacent. We have already seen an increase in businesses and individuals seeking advice on data breaches and the potential claims for compensation. We would advise businesses to continue to review their data protection compliance and ensure that individuals data is protected. One of the biggest areas of risk is when data is shared with third parties. Businesses should ensure that they have rigorous procedures in place to deal with sharing and allowing access to personal data.’

If you need advice or assistance with your Data Protection compliance, then please contact Ryan Bickham at our Shrewsbury office either by email or by telephone on 01743 248148.

PCB Solicitors have offices throughout Shropshire and Mid Wales in Shrewsbury, Telford, Church Stretton, Ludlow, Knighton and Clun (by appointment). 

 
 

In this section:

What People Say

To read the most recent testimonials from appreciative clients click here

Free Case Assessment

Discuss your needs commitment free so you can plan your next move. Contact us today. 

Newsletter

Keep updated with our newsletter.

 
Church Stretton:01694 723818
Knighton:01547 528332
Ludlow:01584 878456
Shrewsbury:01743 248148
Telford:01952 403000

Share PCB

 
24hr Emergency Line: Need to speak to someone urgently? Call confidentially on 07974 648495, any time of the day.