With the 28 May 2018 deadline for GDPR compliance fast upon us, here are some top tips from two leading UK lawyers, extracted from IDG’s Computerworld UK article, GDPR legal advice: lawyers give their top tips for GDPR preparation.

The EU GDPR post-Brexit

“The GDPR will come into force before Brexit so compliance will still be required for UK companies. Even after Brexit, we will most likely live here in the UK in a GDPR and the E-Privacy lookalike environment.” – Gabriel Voisin, partner, Bird & Bird

Data mapping

“It’s important to make sure that US clients are aware of and understand that ‘personally identifiable information (PII) is not the same as the ‘personal data’ term that is used in the GDPR. The term ‘personal data’ is broader and covers information such as online identifiers, device IDs, IP addresses, RFID.” – Gabriel Voisin, partner, Bird & Bird

Avoiding GDPR fines

“The new regulation is a binding legislative act, whereas the previous directive set out data law goals to all EU countries. This means you might have been getting away with data law breaches previously, but you could be facing huge fines if you do not get your data in order before May 2018.” – Tobias Guenther, senior legal counsel and data protection officer for Mapp Digital

Reviewing third party supplier contracts

“Review which suppliers you use and whether you have an agreement in place. If that’s not the case, you need to get data processing agreements set up before May 2018. Regarding consumer consents, the GDPR says consent will only be given for certain data processing by a clearly identified person or party. Using unspecified third parties will result in invalid consent.” – Tobias Guenther, senior legal counsel and data protection officer for Mapp Digital

New marketing rules

“In the UK, consent requirements in the direct marketing rules will not apply if you contact individuals to conduct genuine market research. However, you cannot avoid them by labelling an email as a survey or market research if it is actually trying to sell goods or services.

“It’s also important to be aware that certain EU countries such as Germany and France take a more stringent approach on the question of market research via email and consider that this type of activity is direct marketing.” – Gabriel Voisin, partner, Bird & Bird

The training experts at Me Learning, in conjunction with data privacy specialists Clayden Law, have developed a wide portfolio of online GDPR courses. For more information click here.

Similar Posts

When the ICO bites, it hurts

When the ICO bites, it hurts

Articles

While it’s unlikely to use their enormous power under GDPR, an ICO investigation can do serious damage to an organisation’s reputation and even be the catalyst for closure. Here are three organisation

The impact of GDPR on charities

The impact of GDPR on charities

Articles

The new General Data Protection Regulations (GDPR) come into force on 25th May 2018, with some key implications for charities. Ultimately, charity revenues could be hit hard if these issues aren’t add

How to achieve payroll compliance under GDPR

How to achieve payroll compliance under GDPR

Articles

Payroll management involves processing a lot of sensitive employee data, so it factors highly in concerns surrounding GDPR compliance. If you’re unsure if you’re compliant, or work with third party pa

How to prepare for GDPR

How to prepare for GDPR

Articles

So, it’s just over a year until GDPR will be enforced by the EU, and yes, even with Brexit on the horizon, businesses in the UK must ensure they comply.