The GDPR became effective in all EU member states and in the European Economic Area (EEA) jurisdictions on 25 May 2018, introducing a new harmonised data protection compliance regime.
A company’s failure to comply with relevant data protection legislation and implement an effective privacy compliance programme can trigger criminal offences as well as exposing the company and its officers to civil liability. Individuals who suffer damage or distress as a result of breaches of local legislation may be entitled to seek redress through the civil courts. Under the EU’s GDPR the organisation can be exposed to fines of up to EUR 20 million or 4% of the total worldwide annual turnover. Many organisations now recognise the significant impact that an adverse ruling can have on its operations. Aside from the business interruption, inconvenience and cost that will result from remedying breaches, a company that is seen to disregard the privacy of its employees, customers and suppliers may suffer considerable reputational damage. 12 months down the track, this is an opportune time for companies to conduct a review of their data protection compliance programmes.
By way of remainder, the key steps in establishing an effective data protection compliance programme for a corporate group are as follows:
The Brexit uncertainty continues. Once (or if) the UK leaves the EU and any relevant transition period expires, the UK will become a “third country” for the purposes of data protection law. This status will have a number of significant practical consequences for international data protection compliance programmes, in particular in relation to international data transfers, competent supervisory authorities and enforcement of the GDPR.
Organisations should obtain legal advice in relation to their organisation’s specific duties and responsibilities. Louise McAloon is a Partner specialising in employment & GDPR law in Worthingtons Solicitors, Belfast. For legal advice or details of seminars, policies and staff training packages available please telephone 028 90434015 or email [email protected].
Call 028 9043 4015 or Contact us