Meaning of GDPR?
<blockquote data-quote="Jaysen" data-source="post: 706" data-attributes="member: 1">
<p>OK, here's a brief introduction to the GDPR. Part 2 will focus on how it will impact law firms and their clients.</p>
<p style="text-align: center"><u>The impact of the GDPR on businesses and law firms - Part 1</u></p>
<p><strong>What is it?</strong></p>
<p>The General Data Protection Regulation or "<strong>GDPR</strong>" is an EU-wide regulation which regulates the processing of personal data. It's the biggest change to EU data protection law in decades and aims to harmonise the rules on data protection and security between member states.</p>
<p><strong>When is it happening?</strong></p>
<p>25 May 2018</p>
<p><strong>Who does it apply to?</strong></p>
<p>The GDPR applies to any EU-based organisation that controls and/or processes data. It also applies to organisations outside the EU if they offer goods and services to, or monitor the behaviour of, EU citizens.</p>
<p>These organisations are called data controllers and data processors.</p>
<p><strong>What's the difference between a controller and a processor?</strong></p>
<p>A data controller determines why and how personal data is processed. A data processor processes personal data on behalf of the data controller.</p>
<p><em>For example, imagine MyStock is a company that sells stock photos to consumers. MyStock decides that it wants to track its website visitors. It hires Analytica, a website analytics company that tracks how users interact with websites. Here, MyStock is the data controller and Analytica is the data processor.</em></p>
<p><strong>Why does this distinction matter?</strong></p>
<p>The GDPR imposes different obligations on data controllers and data processors.</p>
<p>Data controllers should only hire data processors that can show they operate in compliance with the GDPR. They should also draw up a written contract in line with the GDPR requirements.</p>
<p>Data processors must implement measures to keep personal data secure, notify controllers of a data breach and maintain records of personal data and processing activities.</p>
<p>This is the first time that direct obligations have been placed on data processors at an EU-wide level.</p>
<p><strong>Data breaches</strong></p>
<p>Under the GDPR, all organisations have to notify regulators 72 hours after they discover a data breach. They may also have to inform individuals if there’s a high risk that the breach adversely affects their rights and freedoms.</p>
<p><strong>Users also get rights under the GDPR:</strong></p>
<ul>
<li data-xf-list-type="ul">The right to be informed about how personal data is collected and used.</li>
<li data-xf-list-type="ul">The right to privacy information – the purpose for processing personal data, retention periods, and who it will be shared with.</li>
<li data-xf-list-type="ul">The right to access personal data (users can submit a subject access request and find out what data a business has on them).</li>
<li data-xf-list-type="ul">The right to have inaccurate personal data rectified.</li>
<li data-xf-list-type="ul">The right to have personal data erased (the right to be forgotten).</li>
<li data-xf-list-type="ul">The right to object to the processing of personal data.</li>
</ul>
<p>And more…</p>
<p><strong>What happens if you don’t comply?</strong></p>
<p>There are two tiers of fines depending on the breach. The lower tier is a fine of up to €10m or 2% of annual turnover; the higher tier is a fine of up to €20m or 4% of annual turnover.</p>
<p>Much of the current fuss surrounding the GDPR is based on the increase in fines. Currently, the maximum fine in the UK is £500,000 (under the Data Protection Act).</p>
<p><strong>Who will be enforcing the GDPR in the UK?</strong></p>
<p>The Information Commissioner’s Office (ICO).</p>
<p><strong>What should companies do to prepare?</strong></p>
<ul>
<li data-xf-list-type="ul">Determine whether they are a data processor or a data controller.</li>
<li data-xf-list-type="ul">Review how they use data, on what basis, and record these justifications.</li>
<li data-xf-list-type="ul">Review their privacy policies and sign-up forms.</li>
<li data-xf-list-type="ul">Determine whether they need to ask existing customers for consent.</li>
<li data-xf-list-type="ul">Put in place procedures to respond to a subject access request.</li>
<li data-xf-list-type="ul">If they are outside the EU, appoint a representative inside the EU as a contact person.</li>
<li data-xf-list-type="ul">Implement breach detection, investigation and reporting procedures, and keep a record of any breaches.</li>
<li data-xf-list-type="ul">Bigger companies may need to hire consultants, train staff and review their processes; estimates suggest the Fortune 500 will spend a combined sum of $7.8bn to comply.</li>
<li data-xf-list-type="ul">Encrypt sensitive data.</li>
<li data-xf-list-type="ul">Public authorities and certain companies that handle a lot of data will need to appoint a Data Protection Officer to advise the company on its obligations and monitor compliance.</li>
</ul>
</blockquote>