The reality of General Data Protection Regulation
Monday, March 4th, 2019
on behalf of Gilson Gray
Legal experts at Gilson Gray explain what’s really happened nearly 12 months since its introduction
AS the first anniversary of General Data Protection Regulation (GDPR) approaches, has the doomsday scenario predicted by many come to pass?
There were similarities with the ‘Millennium Bug’ with the level of hysteria being whipped up and the creation of widespread fear that computer systems would not be able to cope with the new date formatting, which would cause chaos around the world as sites and systems crashed.
Similarly, as the May 25 deadline for GDPR compliance approached last year, swathes of emails flooded inboxes as companies strived to ensure they didn’t breach the new data regulations.
Graham Millar, Partner, Employment Law at Gilson Gray, believes parallels can be drawn between the two as neither caused the chaos predicted by many.
He said: “GDPR has been similar in a lot of ways to the hysteria surrounding the Millennium Bug, however although we are almost a year beyond the compliance deadline, only now are we beginning to see the full impact of the changes.
“There’s been a few meaty fines dished out to the larger companies, such as Facebook but for the majority of businesses, those in the small to medium category, the impact has not yet been felt.
“The whole ethos of GDPR was to force all companies who collect or share information on individuals to review their practices and procedures. Do not use the ‘just because’ or ‘we have always done it that way’ as a reason to justify some poor practices – take the time to put in place more robust procedures, with the rights of the individual being at the centre of those procedures.”
GDPR was brought in to modernise laws that protect personal information of individuals and give people more control over their details.
To be compliant businesses must protect the personal data and privacy of its their staff and of anyone they perform transactions with.
Since it’s introduction, there has been a rise in the number of firms offering services as ‘GDPR experts’, something Graham urges caution over.
He added: “At present, the Information Commissioners Office are exceptionally busy, dealing with audits, complaints and the production of guidance, so the prospects of being involved in an ICO investigation for the vast majority of companies is still relatively low. The message is not to do nothing, and simply play the odds on the basis it might be some time before you are caught. If you are making genuine attempts to move towards compliance, you are more likely to get the support and encouragement of the ICO, rather than a fine. The ICO have made it clear their preference is to assist companies in reaching compliance, rather than immediately imposing a fine and confirmation of that attitude can be seen by referring to the enforcement section of the ICO website.
“Having said that, over the next few years, GDPR fines will become more common, as those organisations who have taken no steps are finally caught. Although the fines can effectively close a business, the bigger issue for many companies will be the impact on the business reputation. As any enforcement action taken by the ICO is a matter of public record, anyone Googling a business will immediately be referred to this enforcement action. Would you trust an organisation with your business if they cannot look after your personal data?
“That’s why it’s crucial businesses don’t bury their heads in the sand but instead use a trusted expert to ensure they’re fully compliant.
“Some people have set up as ‘GDPR experts’ to cash in on the fundamental changes to data protection. We have heard horror stories of clients paying thousands of pounds for a full GDPR audit, with the only recommendation being that they pay for an even ‘deeper audit’. You know your business best and with the right support and guidance, you should take control of your own audit and putting in place your own implementation plan.
“Our award-winning team at Gilson Gray are well placed to breakdown the complex intricacies of GDPR and guide people through the process in a friendly and professional manner.”
Gilson Gray picked up two awards at the 2017 Law Awards of Scotland adding to a host of other accolades, including six awards at the ACQ5 legal awards – the third year in a row that Gilson Gray has seen success – including Law Firm of the Year, Insolvency Lawyer of the Year, all for the second time in three years.
The Firm also won Corporate Firm of the year 2018, following previous recognition as Litigation Firm of the Year.
DO YOU WANT TO SHARE YOUR STORY WITH THE HELP OF OUR LEGAL PR TEAM?
Get in touch with one of our team now to discover how we can share your news across the media.
To find out what we can do for your business, phone us on 0131 561 2244 or take a few seconds to fill and submit the attached form and we’ll get straight back to you:
So how can we help?
If you have any comments or questions, please contact us.