Raworths LLP
Businesses need to prepare for changes in data protection laws Businesses need to prepare for changes in data protection laws

News / Articles

Jan 18

Businesses need to prepare for changes in data protection laws

Written by Phil Parkinson

DDI: 01423 724606
E: phil.parkinson@raworths.co.uk

New data protection laws (GDPR) will be introduced this May and businesses in the region will need to adapt and plan resource around it. The mismanagement of data can already have serious implications, however up until this point in time, the law has failed to reach many organisations, further down the chain, who may have had careless data sharing practices, (data processors).

Data processors are a separate legal entity and examples include payroll, marketing or IT companies that your business may send data to, or you may even be one of these data processing businesses.

Under the current law (applicable until the GDPR takes effect on 25 May 2018), these secondary handlers of data are generally only subject to contractual obligations imposed on them by data controllers, (the company who collected the data in the first place), and it is this company that retains the responsibility for any breach of the law.

The GDPR will change this. There will need to be specific written agreements between a company (the controller) and any secondary holders (processor) and it places direct obligations on the processor, such as the requirement to implement appropriate technical and organisational measures to secure data, to keep records and data breach notification requirements.

The reasons for imposing these onerous requirements on processors is largely to tighten up on sloppy data sharing practices – for example, if a consumer passed their details to ‘Company X’, their data might then be outsourced to various organisations down the chain who didn’t have accountability for how they handled it. The GDPR will shine a light on such careless data sharing practices.

This means that if you are a business who collects, or manages data on another company’s behalf you need to make plans now. Carry out due diligence on the companies you use for your processing, or if you are a processor, carry out that due diligence on the data controller – as it’s their data you are now liable for. You will also need to enter into written contracts.

There are advantages of spending the time now to prepare. If your business is a trusted one which can safely handle its processes, you will be better placed to attract new business.

  • « Older Entries
  • Newer Entries »

‹  Return to News / Articles

Other News

Nov 18

Minimising the impact of conflict on children

Good Divorce Week (26-30 November 2018) aims to provide practical help, highlighting ways for separating parents to put their children’s needs first, as well as calling on the government to...


Nov 18

Universal Credit – what separating spouses need to know

As the controversy around universal credit continues, Jo Lofthouse looks at the contentious policy and explains what divorcing couples need to be aware of. Universal credit is the benefit payment that was introduced in 2012 with a phased roll out. It was introduced in Harrogate...