The Bill, which aligns with the requirements of GDPR, will give individuals more control over their data, including the right for personal data to be erased. Firms will no longer be able to rely on default opt-out or pre-selected 'tick boxes' to give consent for organisations to collect personal data.
The data protection regulator, the Information Commissioner's Office (ICO), can issue high fines of up to £17 million or 4% of global turnover for major breaches, which aligns with the financial sanctions set out within GDPR. If firms fail to report data breaches, financial penalties could be up to 2% of annual worldwide turnover or £8.5 million, whichever is greater.
Data breaches could also cause reputational issues for firms, and there is a risk of follow-on claims from private individuals for compensation. This means that senior management may end up focusing on remediation activities instead of pursuing the firm's strategy. In an increasingly digital-focused world with disruptive technologies and changes to ways of working, having senior management focused away from developing and managing the organisation is potentially as harmful as the direct financial cost.
Whilst many professional practice firms are advising their clients on GDPR obligations and UK data privacy compliance, there is a real need to ensure that firms themselves are compliant.
Our services cover the full spectrum of GDPR advisory services, from providing firms with assurance that what they are doing is compliant to full support for firms that currently have no GDPR project plan in place and limited resources.
Firms that have not yet commenced their GDPR project or have limited resources
Firms that have a well-established project plan and in-house team, which is resourced and progressing on track
If you would like us to help you comply with the upcoming GDPR requirements, please contact Richard Evans or your usual Crowe contact.