Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”
Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.
Research conducted by GO DPO®, the strategic partner for the Henley Data Protection Officer (DPO) Programme, estimates that around 7,000 large companies (employing in excess of 250 employees) will need to recruit and train at least one DPO each over the next 24 months irrespective of whether or not the UK votes to leave the EU.
On the basis that there are a total of 496 working days (excludes public and Bank Holidays and all weekends) between now and when the EU General Data Protection Regulation (GDPR) comes into full force on 25 May 2018, that means there will be a requirement to train around 14 ...
Under Section 166, Financial Services and Markets Act 2000, the FCA has the power to order an independent “skilled persons report” that focuses on specific issues that have been identified by the FCA as requiring investigation at the regulated firm.
Whilst it’s the FCA that requires the undertaking of a report by a skilled person, it’s the regulated firm being investigated that commissions it in agreement with the FCA and also bears the cost of this report. The ‘skilled person’ will normally report directly to the FCA as well as to the firm being investigated.
Normally a skilled person’s report will focus on specific regulatory issues, such as the protection and processing of customer data and the correct policies, procedures and processes required to be implemented in ord...
In a news statement issued by the European Parliament at 1.12pm (European Time):
New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era were given their final approval by MEPs on Thursday. The reform also sets minimum standards on use of data for policing and judicial purposes.
Parliament’s vote ends more than four years of work on a complete overhaul of EU data protection rules.
The reform will replace the current data protection directive, dating back to 1995 when the internet was still in its infancy, with a general regulation designed to give citizens more...
The Council of Ministers has just published its FINAL TEXT of the EU General Data Protection Regulation (GDPR) and its statement of reasons for the biggest shake-up in data protection and privacy for nearly two decades.
In an official communique, dated 4 April 2016, the General Secretariat of the Council said:
At its 3445th meeting on 12 February 2016, the Economic and Financial Affairs Council reached political agreement on the Council’s position at first reading on the (GDPR). After finalisation by the legal/linguistic experts, the text of the Council’s position at first reading (5419/16) will be available in all official languages of the European Union by the end of the day on 6 April 2016...
As the co-programme director for the DPO Certificate at Henley Business School, it was my job to help navigate the delegates through the thicket of the EU General Data Protection Regulation (GDPR) as well as flagging up stuff that organisations need to do now during the two-year transition period.
If you would like a copy of my presentation, feel free to get in touch with me on this website and I’d be happy to send it to you.
My short talk focused on the practical implications for organisations and HR departments in the ...