Jul 72017

BBC Publishes Article Describing GDPR Panic Among Businesses

William RM Long and Thomas Fearon
, , , , ,

Today the BBC published a news article on the panic many businesses are now in over the imminent implementation of the GDPR in May 2018.

According to the BBC article, some research indicates just 29% of UK businesses have begun to prepare for the GDPR. Another forecast was that European financial institutions could face fines of nearly €5 billion in the first 3 years following the GDPR’s coming into force.

The BBC article highlighted the way the GDPR changes how entities will be able to handle and use individuals’ personal data. One of the key changes highlighted in the article relates to cybersecurity.  The BBC highlighted the provisions requiring data breach notification to the relevant national data protection authority within 72 hours. This is a particularly salient provision in light of the storm of cyber-attacks that companies have had to contend with in the past few weeks, notably ransomware such as WannaCry and Petya.

Individuals’ rights are also greatly increased under the GDPR. By way of example, from May 2018 they will be able to demand that their data be erased (the “right to be forgotten”).

The BBC also highlights the risk of non-compliance. Firms that breach the rules under the GDPR may face fines of up to 4% of the group’s annual worldwide turnover. A spokesperson for the ICO, the UK’s data privacy watchdog, has stated that companies which place great store in protecting individuals’ personal data and market themselves as doing so will gain a competitive advantage over others.

Unfortunately, many businesses are unsure how to start the process of making the necessary operational changes to become GDPR compliant.  Research on preparedness for the GDPR has also indicated that a majority of companies affected by the new rules may not even be aware that they are subject to the GDPR. The BBC cautioned that if businesses do not take responsibility for GDPR implementation at the most senior levels of a company, the company will likely fail to become compliant by the fast approaching May 2018 deadline.

The BBC article is available here: http://www.bbc.co.uk/news/business-40441434

William RM Long

London

wlong@sidley.com

Thomas Fearon

tfearon@sidley.com

You might also like
UK Sets Out It’s “Pro-Innovation” Approach To AI Regulation

On 29 March 2023, the UK’s Department for Science Innovation and Technology (“DSIT”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “White Paper”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022. Importantly, the UK has decided to take a different approach to regulating AI compared to the EU, opting for a decentralised sector-specific approach, with no new legislation expected at this time. Instead, the UK will regulate AI primarily through sector-specific, principles based guidance and existing laws, with an emphasis on an agile and innovation-friendly approach. This is in significant contrast to the EU’s proposed AI Act which is a standalone piece of horizontal legislation regulating all AI systems, irrespective of industry.

How the China Personal Information Protection Law Applies to Foreign Asset Managers

Since China’s Personal Information Protection Law (PIPL) came into effect in November 2021, there has been widespread uncertainty amongst offshore fund managers and investors with entities outside Mainland China as to how and whether the regime applies to them. Given the potential for foreign asset managers to overlook or misinterpret PIPL, this brief update outlines some guidance as to how PIPL can apply, and to whom, in a practical context.

EU Moving Closer to an AI Act – Key Areas of Impact for Life Sciences/MedTech Companies

The European Union is moving closer to adopting the first major legislation to horizontally regulate artificial intelligence. Today, the European Parliament (Parliament) reached a provisional agreement on its internal position on the draft Artificial Intelligence Regulation (AI Act). The text will be adopted by Parliament committees in the coming weeks and by the Parliament plenary in June. The plenary adoption will trigger the next legislative step of trilogue negotiations with the European Council to agree on a final text. Once adopted, according to the text, the AI Act will become applicable 24 months after its entry into force (or 36 months according to the Council’s position), which is currently expected in the second half of 2025, at the earliest.