Jul 72017

BBC Publishes Article Describing GDPR Panic Among Businesses

William RM Long and Thomas Fearon
, , , , ,

Today the BBC published a news article on the panic many businesses are now in over the imminent implementation of the GDPR in May 2018.

According to the BBC article, some research indicates just 29% of UK businesses have begun to prepare for the GDPR. Another forecast was that European financial institutions could face fines of nearly €5 billion in the first 3 years following the GDPR’s coming into force.

The BBC article highlighted the way the GDPR changes how entities will be able to handle and use individuals’ personal data. One of the key changes highlighted in the article relates to cybersecurity.  The BBC highlighted the provisions requiring data breach notification to the relevant national data protection authority within 72 hours. This is a particularly salient provision in light of the storm of cyber-attacks that companies have had to contend with in the past few weeks, notably ransomware such as WannaCry and Petya.

Individuals’ rights are also greatly increased under the GDPR. By way of example, from May 2018 they will be able to demand that their data be erased (the “right to be forgotten”).

The BBC also highlights the risk of non-compliance. Firms that breach the rules under the GDPR may face fines of up to 4% of the group’s annual worldwide turnover. A spokesperson for the ICO, the UK’s data privacy watchdog, has stated that companies which place great store in protecting individuals’ personal data and market themselves as doing so will gain a competitive advantage over others.

Unfortunately, many businesses are unsure how to start the process of making the necessary operational changes to become GDPR compliant.  Research on preparedness for the GDPR has also indicated that a majority of companies affected by the new rules may not even be aware that they are subject to the GDPR. The BBC cautioned that if businesses do not take responsibility for GDPR implementation at the most senior levels of a company, the company will likely fail to become compliant by the fast approaching May 2018 deadline.

The BBC article is available here: http://www.bbc.co.uk/news/business-40441434

William RM Long

London

wlong@sidley.com

Thomas Fearon

tfearon@sidley.com

You might also like
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

Substantial changes to Hong Kong’s privacy laws coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.

It Is Now More Difficult For International Pharma To Transfer Data Out Of China

China’s new Measures for the Security Assessment of Outbound Data Transfers (the “Measures”) came into force on September 1, 2022. Pharma companies now have until February 28 to work out whether their activities mean they are affected, and to apply for the new type of data security assessment if they need it.