Better Late Than Never: Protecting Data

Scroll Down
Home > Knowledge Hub > Better Late Than Never: Protecting Data
By Peter Kouwenberg
Partner – Head of Commercial

25 February 2020

Article Insights

The business world held its breath as 25 May 2018 came and went, the day which heralded the implementation of the General Data Protection Regulation (GDPR), two years after publication.

Guidance from the Information Commissioner’s Office suggested that the regulator would not necessarily flex its muscles immediately and seek to hit offenders with the maximum penalty (up to €20m or four percent of global turnover) for contraventions, whilst also highlighting the fact that businesses had already had ample time to get their houses in order.

It was over a year before the first major penalties were issued, with proposed fines of £183m and £99m to British Airways and the Marriott hotel chain respectively for failing to keep personal data secure. We can expect an increase in such cases, with possible criminal sanctions for more serious GDPR breaches.

Just as damaging is the bad publicity and reputational harm which a business can suffer following a data subject’s complaint that data has been obtained, stored or shared unlawfully.

For many organisations, it is a relatively straightforward task to conform to the new legislation. However, it is essential that all measures are clearly documented in order to demonstrate this.

Essential steps for any business include:

  • Auditing data flow and recording where data enters and leaves the business.
  • Documenting the lawful basis for each activity the business carries out with the data.
  • Implementing appropriate technical and organisational security measures.
  • Updating its contracts, particularly between data controllers and data processors.
  • Ensuring that data subjects are able to enforce their rights under the GDPR.
  • Sharing all information in an up to date Privacy Notice.

Contact Peter Kouwenberg at peter.kouwenberg@taylorwalton.co.uk or on 01582 390411 to arrange a free, no obligation meeting or telephone conference to discuss your data protection needs.

Disclaimer: General Information Provided Only
Please note that the contents of this article are intended solely for general information purposes and should not be considered as legal advice. We cannot be held responsible for any loss resulting from actions or inactions taken based on this article.

Insights

Latest Insights

16 June 2025

Can I challenge my mother’s will?

Excluded from a parent’s will? It’s a deeply upsetting situation, and as Jennifer Quick, Associate Solicitor in our Commercial Litigation… read more
12 June 2025

Artificial intelligence producing artificial authorities

Artificial Intelligence (AI) has taken the world by storm and is becoming increasingly more prevalent within the legal sector. Many… read more
11 June 2025

Artificial Intelligence in employment – managing the risks

The use of generative AI tools in the workplace such as ChatGPT, Copilot and Gemini has gathered pace at a… read more

Request a call back

We’ll arrange a no-obligation call back at a time to suit you.

SEND