    General Data Protection Regulation 2016: could your failures to protect data leave your company insolvent?


    Published on: 10th July 2017

    The General Data Protection Regulation (GDPR) comes into force in just under 11 months. 

    The Information Commissioner Elizabeth Denham has stated the GDPR is “a game changer”.  However, the majority of this regulation is already covered by the Data Protection Act 1998 and as such companies should already be compliant with most of the GDPR.  This ranges from keeping detailed records of all personal data and accompanying consent, to only keeping said data for a specified purpose and not retaining it for decades.

    The issue therefore arises when companies review their data protection policies and see that, in fact, they have not been compliant for nearly 20 years!

    Accountability

    Accountability is the new buzzword for the data protection world. Companies are accountable for their actions and are accountable to the public.  The GDPR extends the rights of the public to include, for example, a request that any/all information is deleted from all databases under the “right to be forgotten”.

    Alongside this, individuals can make a subject access request for all of their personal data held by a company and a company will have to provide the information, rectify it if required and delete any/all information if the individual requests.

    The recent cyber-attacks have emphasised the need for companies to be alert to protecting the public’s personal data or they will find themselves being fined by the ICO.  Recently, Berkshire-based Boomerang Video Ltd was fined £60,000 for failing to take basic steps to stop its website being attacked.  This is likely only the beginning of the ICO’s action in relation to websites, systems and databases being hacked.

    Where do the weaknesses lie?

    Weaknesses in data protection lie in a lack of knowledge and understanding.

    Although many employees will be aware of the term “data protection”, not as many will be aware that their day-to-day actions are creating weaknesses in the firm.  Such simple things as taking work home with them significantly increase the likelihood of a data breach.

    What if their home is burgled?  What if they leave the information in the car whilst they run into the shop and the car is stolen?  What if the documents or an unencrypted laptop are left on the train?

    This is something a business will have to educate its staff on, from the board to the new starters.

    Increase of fines

    Currently the ICO can fine a maximum of £500,000 for breaches of the Data Protection Act.  One of the highest fines to date was Talk Talk, the UK telecoms company, who were fined £400,000 for failing to prevent a major customer data breach.  This was their second fine from the ICO and indicated that the ICO were ready and waiting to enforce against companies that do not take data protection seriously.

    The GDPR will change this.  The maximum fine under the GDPR is €20,000,000 or 4% of the company’s global turnover.  This is a dramatic leap in enforcement and shows how important the protection of personal data has become with the rise of the digital age and the ease with which information can now be transferred.

    These fines could be fatal to companies.  The ICO will not worry about the company’s financial status when determining the value of a fine.  The fines will be based on the gravity of the breach itself and as such businesses may be unable to pay and face insolvency procedures.

    Sheila Ramshaw, of Short Richardson & Forth, says:

    “For many companies, the damage to their reputation by being named on the ICO website is equally as devastating as the financial penalty imposed on them.”

    Are you prepared?

    Many businesses do not understand their obligations and sadly believe that they do not have the time to understand them. 

    This mind-set needs to be changed. Every business will be affected and as such everyone needs to be prepared to evidence that they have taken reasonable steps to protect personal data in order to stop the ICO from bringing a fine to their door.

    Preparing for the GDPR is not a simple review and many businesses will need time to amend policies, appoint a Data Protection Officer (where necessary), train staff and ensure that they have a compliant culture across the firm.  Make sure that you are one of the businesses prepared for the upcoming changes.

    Short Richardson & Forth have a dedicated GDPR team working with businesses to ensure compliance prior to the GDPR coming into force in May 2018.

    If you would like advice on the GDPR and how to prepare, please contact Andrew Swan or Sheila Ramshaw on 0191 232 0283 or at as@srflegal.co.uk and Sheila.Ramshaw@srflegal.co.uk respectively.

    CONTACT US

  • 4 Mosley Street
    Newcastle upon Tyne NE1 1DE
    Tel: 0191 232 0283 Fax: 0191 261 6956
    Email: info@srflegal.co.uk
    DX: 61037 Newcastle

    Short Richardson and Forth Solicitors Limited is a private limited company registered in England and Wales under company No. 10572065, authorised and regulated by the Solicitors Regulation Authority No. 637150.

    Short Richardson and Forth Solicitors Limited is a private limited company constituted and run in accordance with the provisions of the Companies Act 2006. The term “partner” has been used to denote individual senior solicitors employed by Short Richardson and Forth Solicitors Limited.
