Saturday, 26 March 2016

GDPR Application To Businesses Outside Of The EU

The General Data Protection Regulation (GDPR) is a single EU law intended to harmonise the current data protection laws across the European Union (EU). It is expected to be adopted in 2016 and to apply two years after adoption.
The proposed GDPR will also apply to certain businesses situated outside the EU that process personal data. A non-EU establishment will be subject to the proposed law if:

  • it offers goods or services to EU data subjects (whether free of charge or for payment), or
  • it monitors the behaviour of EU data subjects.

Contact Details:
Nath Solicitors Limited
4/4a Bloomsbury Square,
London, WC1A 2RP
Tel: 02076816073
Mob: 07545813894
Email: shubha@nathsolicitors.co.uk
Web: http://www.nathsolicitors.co.uk/

Thursday, 24 March 2016

Personal Data Risk Assessments

With increased rights for data subjects and heavy fines for businesses, we have set out simple guidelines which businesses should be considering now in preparation for the new General Data Protection Regulation (“Regulation”), which is expected to be adopted in 2016. These include the following:
  • Determine whether your organisation is subject to the proposed Regulation by assessing whether it offers goods or services to, or monitors the behaviour of, individuals in the EU, whether or not the organisation itself is located in Europe.
  • Carry out an audit of the data held by your organisation: what data do you have, why do you have it, how long have you held it and how do you use it?
  • Ensure contracts with data processors are thoroughly reviewed, for example to determine where cloud data is hosted, how it is backed up and how it is encrypted.
  • Carry out a gap analysis of the systems and processes you currently have in place: identify what else will need to be implemented to demonstrate your compliance with the new Regulation.
  • Once you have carried out the analysis above, implement systems and procedures to ensure compliance with data protection laws. These may include policies and procedures for handling issues as they arise, such as what staff should do in the event of a complaint, a data breach or a subject access request.
  • Review your company processes for how customer consent to marketing is obtained and recorded within your organisation.

Tuesday, 22 March 2016

General Data Protection Regulation

Current data protection laws are based upon the Data Protection Directive introduced in 1995. Given the vast technological changes of the last twenty years, the time has come to update these laws. The new General Data Protection Regulation (“Regulation”) is being finalised with a view to adoption in 2016. It will then apply from 2018, two years after the date it is finally adopted.

We set out five of the key changes below:

  • Harmonisation
The Regulation will harmonise data protection laws in a single framework applying across all EU member states. Uniform laws across Europe mean more certainty for businesses.
  • Expanded Territorial Scope (Article 3)
Businesses located outside the EU that offer goods or services to EU consumers, or monitor their behaviour, will need to consider whether they are caught by the compliance obligations of the new Regulation. Final details are awaited.
  • Consent (Article 7)
Consent must be given to the data controller by a clear affirmative action establishing a freely given, specific, informed and unambiguous indication that the data subject agrees to the processing of their personal data, for example a written or oral statement. Consent covers all processing activities carried out for the same purpose; where processing has multiple purposes, consent is required for each purpose.
  • Increased Enforcement (Article 78)
Fines increase significantly: the maximum fine is €20 million or, in the case of an undertaking, 4% of its annual worldwide turnover, whichever is greater. Supervisory authorities must ensure that any administrative fine imposed is effective, proportionate and dissuasive.
  • Strict Data Breach Notification (Article 31 and 17b)
Strict breach notification measures will require businesses to inform the supervisory authority of any personal data breach that presents a risk to the rights and freedoms of data subjects. Notification must be made without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

The new Regulation also proposes that data controllers must notify the data subjects affected by a breach where the breach could cause them serious harm, unless doing so would be impossible or involve disproportionate effort.