New ‘Getting Ready for the GDPR’ Guide
10 February 2017
The General Data Protection Regulation (“GDPR”) comes into force on 25 May 2018, and many businesses are beginning to prepare for its introduction. While the GDPR builds on familiar concepts and rules, it also brings about many changes. To help prepare for these changes, we have launched our "Getting Ready for the GDPR" Guide. The Guide will serve as a helpful resource for those looking to get to grips with the GDPR in the coming months.
Does the GDPR apply to me?
The GDPR expands the territorial scope of EU data protection law, meaning a greater number of organisations will now be subject to it. The Guide explores the broad scope of the GDPR and explains which businesses could be caught by its wide net. Given the degree of work that many organisations will need to do to get ready for the GDPR, it’s important to understand, from an early stage, whether the GDPR applies to your organisation.
Preparing for Implementation
Organisations need to be GDPR-ready by May 2018. Once the GDPR becomes law, the majority of its provisions will immediately apply. This means that organisations cannot wait to remediate issues or implement changes after 25 May 2018.
The Guide explores five broad areas of implementation:
- Gap and compliance analysis
- Contracting and policies
- Record-keeping and privacy governance
- Security, and
- Privacy Impact Assessment and Privacy by Design
Each of these issues is likely to be relevant to the majority of organisations to which the GDPR applies.
Changes to existing law?
While the GDPR builds on many familiar rules, it also introduces a number of significant changes and new legal concepts. The Guide explores a variety of these changes, including increased obligations around consent, greater transparency requirements for privacy notices, new security rules and breach reporting obligations, a revamped regime for enforcement, remedies and liability, and the introduction of the principles of privacy by design and default. In addition, one of the most notable and newsworthy changes is the introduction of the ability for regulators to levy significant fines in cases of non-compliance.
Role and sector specific changes
Finally, the Guide explores certain roles and sectors and the relevance and impact of the GDPR in each context. In particular, the Guide provides an insight into how the GDPR will affect public sector organisations and HR managers. The Guide also analyses the impact for contracting, given the increased obligations for data processing agreements, and responsibilities around compliance and risk management, arising from the accountability principle.