A summary of data protection developments from Cordery Legal
We’ve recently received this excellent information from Cordery Legal Compliance, who has kindly given us permission to use this article to highlight the changes in Data Protection.
One particularly interesting part of this article is the information on ‘subject access requests’ (SAR). We can help our customers to remain compliant with the General Data Protection Regulation (GDPR) by scanning and hosting records on our Live-Docs products. Through hosting records on Live-Docs our customers are able to quickly and easily retrieve information as it is requested and therefore easily respond to subject access requests.
Here’s a summary of the recent changes that surround data protection.
Many organisations are well advanced in their Brexit preparations. If the UK goes into a ‘hard’ or ‘no deal’ Brexit that could happen in a little over 30 days. That’s not a long time to prepare with issues like data transfers and the possible need to appoint a Data Protection Representative, especially if you need to put new agreements in place with customers or suppliers. We have some films explaining both of these issues here http://www.corderycompliance.com/hard-brexit-and-data-protection/.
Subject Access Requests
A lot of our clients continue to have issues with subject access requests – especially from awkward customers or departing employees. A recent pre-GDPR case may also have extended subject access rights to non-EU citizens. In this case, the UK DPA upheld a subject access request by a US citizen. There’s more on this case here – http://www.corderycompliance.com/ico-secures-criminal-convictions-against-ca-in-sar-case/
GDPR – the story so far
At the end of January, the total number of complaints across the EU was more than 95,000. In addition, by the same date, there had been over 41,000 data breach notifications to DPAs across the EU. This short film here looks at some of the statistics and at the countries which have been the most active – http://www.corderycompliance.com/gdpr-state-of-the-union/
The biggest GDPR fine so far was the Google fine in France at €50m. Other countries are likely to follow suit. There are some interesting aspects to this case including the rise in transparency being an issue under GDPR and the increased role of pressure groups. We have a film and alert on that case here – http://www.corderycompliance.com/french-data-protection-authority-fines-google-e50m-for-violations/
As you’ll see from the figures there are lots of data breaches and deciding whether to report a breach or not can be a tough decision. DPAs have been criticising organisations for getting this wrong – including where they think an organisation has reported when it shouldn’t have. We’ve helped organisations large and small work through their data breaches. There’s a short introduction to some of the considerations here – http://www.corderycompliance.com/dealing-with-a-data-breach/
Civil liability after data breaches
We’ve talked before about the Morrisons case in the UK which seems to extend civil liability after a data breach. Here the company was responsible for compensation to data breach victims even when an employee committed a criminal act. There have been more developments in this case which we’ve summarised here – http://www.corderycompliance.com/client-alert-court-of-appeal-confirms-morrisons-vicarious-liability-for-actions-of-rogue-employees/
If you would like to discuss with us any of the topics raised in this article then please give us a call on 01827 726934 and find out how we can help you.