We hesitate to advertise another looming regulatory burden, but solicitors only have just over three months to ensure compliance with the General Data Protection Regulation.
An important point to note is that the Data Protection Bill – currently making its way through parliament – will not undermine the applicability of the EU-wide regulation from 25 May. The GDPR and UK bill should be read side by side. Where to turn for advice? The Law Society’s website has a dedicated GDPR page. This is being updated with a series of articles and other information outlining practical steps to make ready.
You also need to consult the Information Commissioner’s Office guidance (tinyurl.com/ya2gcd5d), which also pertains to the requirement (or not) to appoint a data protection officer. ‘To DPO or not to DPO’ seems to be the issue firms are most worried about. See also guidance for European bars (tinyurl.com/y8235xne).
With some breaches carrying fines of up to 4% of annual turnover, or €20m, this is not just another tick-box exercise. Field-testing conducted last week by the Financial Times showed that even some of our biggest high street retailers are ill-prepared, which hardly bodes well. Don’t join them in the dock later this year.