Bring privacy to the board, says HBJ Gateley

Tighter EU controls on data protection practice mean the subject should be an agenda item at every board meeting, according to HBJ Gateley.

Helena Brown, head of the firm’s data protection practice, told guests at a seminar yesterday that the new General Data Protection Regulations (GDPR) will still be brought into force in the UK on 25 May 2018 despite June’s vote to leave the EU.

The changes mean any organisations which handle personal data will be required to meet stringent privacy obligations to avoid a fine of up to four per cent of global turnover. The extended scope of the regulation means that for the first time organisations classed as “processors” will have liability for fines – that will include IT companies marketing firms and advisers as well as others – the outgoing legislation only applies to data controllers.

Ms Brown warned the vote to leave the EU would not diminish the expectation of full compliance with the GDPR, and companies should start making preparations now.

She said: “All the organisations I’m working with are full steam ahead on compliance with the new regulations because the very strong message is that this will come into UK law as planned. They see this as a boardroom issue – the political and legislative momentum behind it means the subject really should be on the agenda for every board meeting in every organisation.

“In reality, the increasing globalisation of business means that regardless of where the dust settles on Brexit, if we want to continue to do business with the rest of Europe, we’ll have to observe the same standards on data protection.

“The expectation of responsible use of personal information doesn’t change, either from the law makers or from the general public. Everything is moving towards protecting the rights of individuals as it relates to their personal information – the legal position just underlines the importance.”