HomeInsightsData Privacy: New Year New Blueprint


+44 (0)20 7612 9612

The Information Commissioner recognised the difficulty that the legislation presented to organisations and made it clear that there would be a grace period in place. That period however will come to an end on 26 May by which time we will all be expected to have a grasp on exactly what cookies we use and make sure we obtain consent for their use. The Commissioner published his ‘half-term report’ last month and made it clear that he felt many organisations ‘could do better’.

Of much greater significance in the long term is the publication of the EU’s proposed regulation covering the entire data privacy regime. A draft was leaked shortly before Christmas and its highlights include a number of changes which, if agreed, will have significant effect on us all. Top of the list, although not a surprise, is a requirement that all organisations notify the regulator (and in some not unlikely cases the individuals concerned) of a data breach, any data breach, within 24 hours – at the moment there is a degree of discretion. There is also a provision that makes the appointment of a data protection officer mandatory for public organisations and private companies with more than 250 employees and another which extends the amount that companies can be fined from 1% to 5% of global turnover for ‘reckless or intentional’ breaches. Add to that the introduction of new elements of data privacy in an individual’s ‘right to be forgotten’ and the concept of ‘data portability’ and the mix becomes a strong one.

Watch this space for news of further developments.

For all enquiries on this subject or any other data privacy related issue please contact Phil Gorski on +44 (0)207 927 9687 or Jason Chess on +44 (0)207 612 9612.