With the 28 May 2018 deadline for GDPR compliance fast upon us, here are some top tips from two leading UK lawyers, extracted from IDG’s Computerworld UK article, GDPR legal advice: lawyers give their top tips for GDPR preparation.
The EU GDPR post-Brexit
“The GDPR will come into force before Brexit so compliance will still be required for UK companies. Even after Brexit, we will most likely live here in the UK in a GDPR and the E-Privacy lookalike environment.” – Gabriel Voisin, partner, Bird & Bird
Data mapping
“It’s important to make sure that US clients are aware of and understand that ‘personally identifiable information (PII) is not the same as the ‘personal data’ term that is used in the GDPR. The term ‘personal data’ is broader and covers information such as online identifiers, device IDs, IP addresses, RFID.” – Gabriel Voisin, partner, Bird & Bird
Avoiding GDPR fines
“The new regulation is a binding legislative act, whereas the previous directive set out data law goals to all EU countries. This means you might have been getting away with data law breaches previously, but you could be facing huge fines if you do not get your data in order before May 2018.” – Tobias Guenther, senior legal counsel and data protection officer for Mapp Digital
Reviewing third party supplier contracts
“Review which suppliers you use and whether you have an agreement in place. If that’s not the case, you need to get data processing agreements set up before May 2018. Regarding consumer consents, the GDPR says consent will only be given for certain data processing by a clearly identified person or party. Using unspecified third parties will result in invalid consent.” – Tobias Guenther, senior legal counsel and data protection officer for Mapp Digital
New marketing rules
“In the UK, consent requirements in the direct marketing rules will not apply if you contact individuals to conduct genuine market research. However, you cannot avoid them by labelling an email as a survey or market research if it is actually trying to sell goods or services.
“It’s also important to be aware that certain EU countries such as Germany and France take a more stringent approach on the question of market research via email and consider that this type of activity is direct marketing.” – Gabriel Voisin, partner, Bird & Bird
The training experts at Me Learning, in conjunction with data privacy specialists Clayden Law, have developed a wide portfolio of online GDPR courses. For more information click here.