You should all by now be into the final stages of implementing plans for the impending new legislation on GDPR which comes into effect on Friday 25th May 2018.
There has been much written in the media and we are sure you will have been bombarded with information from various providers seeking to offer solutions.
The first thing to remember in all of this is the fundamentals have not really changed. The regulations are a consolidation and update of existing laws. There are some rights which are now requirements but the main difference is that firms need to demonstrate that they are taking steps to protect personal client, employee and supplier data that will avoid the now punitive fines that The Information Commissioner’s Office (ICO) can levy.
Suppliers will often not consider on what basis they are contracting for the supply of goods or services. This may be as they feel they can deliver on the contract and so there is no risk. Often, the issue for many is that they do not foresee a potential liability arising. Others may believe that they are contracting on their standard terms of business, though often these are not brought to the attention of the customer, either at the point of contracting, or at all. This note examines the potential issues facing a supplier through lack of a suitable contract.
The current legislation in relation to data protection in England and Wales is the Data Protection Act 1998 which was derived from the European wide Data Protection Directive (95/46/EC). The General Data Protection Regulation (GDPR) is due to come into force in May 2018. Whilst many of the provisions are already covered by the Data Protection Act, there are important new provisions of which businesses need to be aware.
Businesses selling on line should now be used to EU derived regulation applicable to on line sales. In the latest major change to the legal requirements for businesses selling on line since the introduction in 2014 of the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, the European Commission’s On-line Dispute Resolution (ODR) site goes live to on-line consumers from 15th February 2016.