Better Late Than Never: Protecting Data

Scroll Down
Home > Knowledge Hub > Better Late Than Never: Protecting Data
By Peter Kouwenberg
Partner – Head of Commercial

25 February 2020

Article Insights

The business world held its breath as 25 May 2018 came and went, the day which heralded the implementation of the General Data Protection Regulation (GDPR), two years after publication.

Guidance from the Information Commissioner’s Office suggested that the regulator would not necessarily flex its muscles immediately and seek to hit offenders with the maximum penalty (up to €20m or four percent of global turnover) for contraventions, whilst also highlighting the fact that businesses had already had ample time to get their houses in order.

It was over a year before the first major penalties were issued, with proposed fines of £183m and £99m to British Airways and the Marriott hotel chain respectively for failing to keep personal data secure. We can expect an increase in such cases, with possible criminal sanctions for more serious GDPR breaches.

Just as damaging is the bad publicity and reputational harm which a business can suffer following a data subject’s complaint that data has been obtained, stored or shared unlawfully.

For many organisations, it is a relatively straightforward task to conform to the new legislation. However, it is essential that all measures are clearly documented in order to demonstrate this.

Essential steps for any business include:

  • Auditing data flow and recording where data enters and leaves the business.
  • Documenting the lawful basis for each activity the business carries out with the data.
  • Implementing appropriate technical and organisational security measures.
  • Updating its contracts, particularly between data controllers and data processors.
  • Ensuring that data subjects are able to enforce their rights under the GDPR.
  • Sharing all information in an up to date Privacy Notice.

Contact Peter Kouwenberg at peter.kouwenberg@taylorwalton.co.uk or on 01582 390411 to arrange a free, no obligation meeting or telephone conference to discuss your data protection needs.

Disclaimer: General Information Provided Only
Please note that the contents of this article are intended solely for general information purposes and should not be considered as legal advice. We cannot be held responsible for any loss resulting from actions or inactions taken based on this article.

Insights

Latest Insights

Photo of city skyline
02 October 2025

What are directors’ duties?

For most, being a director of a company is hard work: you’ve put the blood, sweat and tears into setting… read more
A picture of a small village street lined with houses and shops
24 September 2025

SDLT – Why is it back in the headlines?

We have all seen the reports in the press about the former deputy prime minister, Angela Rayner. It comes as… read more
Picture of a doctor making notes on a patient in the background
23 September 2025

Employee awarded £1.2m after employer mishandles sickness absence – how can employers avoid getting it wrong?

In the recent case of Wainwright v Cennox plc, the Employment Tribunals considered a situation where an employee discovered that… read more

Request a call back

We’ll arrange a no-obligation call back at a time to suit you.

SEND