Businesses: Don’t Ignore the Data Protection Act

Year Published: 2019

The Data Protection Act 2018 (DPA) is the UK’s implementation of the GDPR (General Data Protection Regulations). The law controls how personal information is used by businesses and other organisations. It was designed to protect the personal data and information relating to individuals and also boosts the individual’s rights and gives them more control over their information.

The law requires businesses that process/handle and store the information of their customers to overhaul their data management processes and practices so as to ensure that their internal procedures are compliant with the core data protection principles set out in the GDPR, relating to fairness, lawfulness and transparency of data processing.

Data ProtectionCompliance is not optional

The advice that we are giving to our clients is ‘ignore the Data Protection Act/GDPR at your own peril’. Compliance is not optional and will be rigorously enforced by the Information Commissioner’s Office (ICO) which is the regulator and the body responsible for enforcing the DPA and issuing fines.

In my experience, many businesses have not treated the new law with the seriousness it demands and the ICO has expressed concern that many businesses appear not to be complying. The very clear message that is being communicated is that compliance must now be taken seriously. Furthermore, it will also be critical for businesses to ensure that compliance with the law is embedded at a deeper level, by ensuring that data protection becomes part of the culture of the organisation.

What is also clear, is that there is increased privacy awareness among consumers and internet users. Individuals have become increasingly aware of their data protection rights and this heightened awareness is likely to result in more requests from individuals to exercise their rights and submit complaints to businesses. This may ultimately lead to increased investigations and enforcement actions by the ICO.

Information Commissioners Office warning

The ICO have suggested that they intend to intensify their enforcement activities over the coming months. The maximum fine for a business is 4% of annual (global) turnover or ‘20 million euros’, whichever is the greater. The ICO can also take a range of other actions, including imposing a temporary or permanent ban on data processing, which in many cases could bring a business to its knees.

In light of this, it is vital that businesses ensure that they understand their legal obligations and prioritise compliance. It will take time and effort to ensure the necessary practices and documents are in place in your business to demonstrate compliance.

For further information contact Kaye Whitby, Head of Commercial Law at SAS Daniels on 01244 305 900 or email [email protected].

Related Tags: , , , , , , , , ,

Your Key Contact:

Share This:

Disclaimer: Our insight & opinion content provides general information and although we endeavor to ensure that the content is accurate and up-to-date, no representation or warranty, express or implied, is made as to its accuracy or completeness and therefore the information should not be relied upon. The content should not be construed as legal or other professional advice and SAS Daniels LLP disclaims liability for any loss, howsoever caused, arising directly or indirectly from reliance on the information on this website. Please seek appropriate legal advice from one of our suitably qualified lawyers if you require assistance.