News

Major changes to data and privacy regulation are coming in May 2018. Is your business ready?

Register now for GDPR workshops organised by Ortolan People

The EU General Data Protection Regulation (GDPR) is the biggest global regulatory development in in 20 years and will harmonise data protection standards across EU member states. Every company or organisation that uses the personal data of EU residents has until 25 May 2018, to comply with the GDPR. Failure to comply, or getting compliance wrong, could have extremely costly consequences with fines of up to €20 million or up to 4% of annual global turnover – whichever is greater.

Given the magnitude of potential GDPR fines, compliance must be a priority on the agendas of the board and senior management with a particular focus on comprehensive employee data protection training, which can result in a reduction in the level of fines.

With just over 6 months until the GDPR takes effect now is the time to pay attention. However, despite this, 55% of UK businesses are not confident they’ll be able to comply with GDPR by the May 2018 deadline and only 6% of UK businesses have made it a priority as opposed to 30% of businesses in France and 25% in Benelux. Perhaps this is due to confusion over Brexit, but be assured, if you’re a UK business handling EU citizen data, GDPR will still apply.

Organisations found in breach of the GDPR face regulatory sanctions and reputational damage, at a minimum. The scale at which these changes are coming – and the fines that come with them – is monumental. As outlined above, large organisations could suffer a massive setback if fined 4% of their annual income, but for SMEs, the potential threat of a regulatory fine may be enough to shut them down for good.

Human error causes most data breach incidents. Something as simple as attaching the wrong document to an email may seem like a harmless mistake, but if that attachment contains information about any individual from an EU country, this will likely put your company in breach of new GDPR regulations. Therefore, it’s important to ensure that your business avoids accidental data breaches by training your employees. Make sure employees understand what they need to do to remain compliant and avoid simple mistakes.

Employees should understand the financial and reputational risks to the organisation in the event of data breaches within the organisation. One of the new aspects of GDPR will be an obligation to report data breaches within 72 hours to the Information Commissioner’s Office (ICO), as well as potentially notifying individuals who have had their data compromised.

Training has always been an important element of compliance for data protection and even more so with the GDPR, given that an important component of the new regulation is the need for organisations to provide evidence of their compliance (currently such reporting is not obligatory).  Under GDPR, employee training and the recording and monitoring of employee training will be a vital aspect of every company’s reporting obligations.

Additionally, under Article 43, the GDPR requires “the appropriate data protection training to personnel having permanent or regular access to personal data” and the ICO will assess a company’s overall commitment to data protection and the adequacy of its compliance with the GDPR. Accordingly, the quality of training and commitment for further employee development is key and it is strongly encouraged to spread the message about privacy, data protection and security across all employees in the company. In particular, all employees who have access to personal data as part of their role, should be made aware of their responsibilities under the GDPR.

Being GDPR compliant will not only save your business from GDPR fines, but will also reduce the risk of brand and reputational damage. By taking the time to prepare properly today, your business will reap the benefits in the years to come.

Ortolan People is not part of Ortolan Legal.  It’s a professional services company which provides HR support to businesses including recruitment, training and assessment services.  Ortolan People has partnered with GDPR experts to offer training in this area, including several GDPR workshops over the next few months.  These will provide your employees with an understanding of data protection rights and responsibilities in line with the new GDPR.  To register your interest in attending one of these workshops and to take advantage of discounts available on training fees through Ortolan People, please click this link to contact Ortolan People or send an email to GDPR@ortolan.com. 

Posted on 11/08/2017 by Ortolan

Get in Touch

If you would like to know more about Ortolan Legal and how we can help you reduce your ongoing recruitment costs, get in touch!

Email us now

   Or call 020 3743 0600

Unipart Group has used Ortolan Legal’s services to supplement our in-house legal team for a number of years. We keep coming back to them because their unique combination of experienced, high quality lawyers at extremely cost-effective rates sets them apart from other law firms. It also has to be said that their team are personable, highly commercial and very responsive. I would recommend them without reservation.

Richard Collins, Group Legal Director Unipart
See All
Receive news & updates from Ortolan Legal

Meet the Team

  • Nick Benson Nick Benson I qualified as a commercial and corporate solicitor…
  • Liz Delgado Liz Delgado I qualified as a solicitor in 1995 after studying…
  • Carrie Beaumont Carrie Beaumont I qualified as an Employment specialist in 2008. I…