Tag: Data protection

20 Days until Data Protection Regulation Overhaul

What is General Data Protection Regulation (GDPR)?

In short, the General Data Protection Regulation (GDPR) is a set of European regulations on how EU citizens’ data is handled. In general, the rules are more strict than before and there are significant fines and penalties if you do not take care to familiarise yourself with the new legislation.

Does it apply to my business?

The General Data Protection Regulation (GDPR) will apply from 25 May 2018.

If you are processing (handling) or controlling (making decisions about) any personal data (for example names, addresses, emails, phone numbers, IP addresses etc.) of an EU citizen, then you will be affected by these changes. This includes businesses that are not necessarily based in the EU. The data is not limited to that of your clients; it also includes employees, suppliers and other partners. There is a separate group of ‘special categories’ of personal data for things like ethnic background or religious views.

Furthermore, the government has indicated that this legislation and the Data Protection Regulation will remain in full force after Brexit.

What do I have to do?

There are 11 chapters and 99 separate articles in the new General Data Protection Regulation (GDPR) legislation. There are various legal reasons you can have for processing data (contract/legal obligation/vital interests/public task/legitimate interests), but generally speaking, the most important one for most small businesses is that of consent.

Consent to handle data needs to be clear, specific, explicit and freely given, so it cannot be hidden in small print or involve a default ‘opt-in’ position.

Additionally, data must be deleted or anonymised after a certain period of time. People will also have the right to access all the personal data you hold on them at any time, or request that you delete the data you are storing on them, so it is important that it is stored in an organised and comprehensible fashion to be accessed quickly and easily.

What are the penalties for non-compliance?

Businesses that breach the new Data Protection Regulation are open to substantial fines of up to €20 million or 4% of your company’s annual global turnover (whichever is larger), so clearly these rules are not to be taken lightly. It is also worth bearing in mind that an individual who suffers as a result of poor data management can sue you for damages.

How can we help?

If you are unsure about what steps to take next, our lawyers are on hand to point you in the right direction.

Our comprehensive and competitive advice on General Data Protection Regulation (GDPR) compliance includes, but is not limited to:

  • Update your Terms of Service and Privacy Policy to comply with the GDPR
  • Update your website to comply with GDPR
  • Provide a list of action points to anonymise online payments
  • Advise on anonymising inactive customers and prospects
  • Consult on data mapping
  • Provide full-scale, comprehensible information about “Right to Access” and “Right to be Forgotten”
  • Additional services, such as training your staff

For expert advice and assistance, please contact our lawyers on tel. +44(0)20 7822 8599 and by e-mail: info@sterlinglawyers.co.uk

Leaving the EU – Impact on Human Rights: Conference Summary Report

Sterling & Law Associates LLP were delighted to attend and participate in a high-level conference “Leaving the EU – Impact on Human Rights” organised by New Europeans[1], together with the European Association for the Defence of Human Rights (AEDH)[2], Britain in Europe[3] and Brunel University Knowing Our Rights project[4], and held in London on 16 March 2018 at Europe House.

The event was organised to discuss the potential impact that Brexit would have on a number of our individual rights and examine areas of human rights under threat for EU citizens and UK citizens.

The conference shed some light on key contentious areas such as workers’ rights, data protection, and family life among others. These are increasingly important topics to discuss as we move nearer and nearer towards the UK’s exit date from the EU, especially when those in charge fail to provide specific indications on the details of these niche areas.

Brexit implications for human rights

There is a great fear that Brexit will lead to the regression of many of our rights. In the current state, a number of our fundamental rights derive from the European Convention on Human Rights (ECHR) and the European rules, regulations and directives. The Withdrawal Bill that proposes to implement Brexit could seek to remove several of those rights. For instance, in terms of employment law, the EU sits at the heart of workers’ rights[5], having brought about greater health and safety regulations that reduced the number of work days lost to absences and sick days, bringing about equal pay for work of equal value and ensuring our right to parental leave. The Withdrawal Bill could possibly see the removal of these rights.

Data Protection Concerns

When it comes to data protection[6], the General Data Protection Regulation[7] (GDPR) proposed by the EU that comes into force on 25 May 2018, which has been implemented in the UK through the Data Protection Act, could lose all strength and meaning following Brexit. From an immigration perspective, the Data Protection Act includes an exception to the regulation for ‘effective immigration enforcement’. This means that if an individual is suspected of breaching immigration controls, the Home Office and other governmental agencies would be able to obtain and use personal data that had been collected for purposes unrelated to immigration to make a decision regarding an individual’s immigration status. This exemption could also mean that the Home Office would not be obliged to respond to Subject Access Requests (SARs) from people who wish to know what data has been held in relation to their previous immigration applications or situations at border controls. This is distressing because SARs are often used by legal practitioners to acquire necessary information to advise their clients on their specific circumstances, particularly when their clients do not have a clear record of their previous situations. Brexit could mean that the UK could get away with including such a wide-ranging exception in the legislation.


Family and private life

The conference also delved deeper into the impact that Brexit would have on our family and private life[8]. Research and analysis is currently being carried out into the effects on different categories of families. In the UK, 12% of all children born in the UK have at least one parent who is from the EU. After the referendum, there has been a sharp increase in the number of EU citizens in the UK applying for permanent residence and citizenship. However, while it might give you some peace of mind before the exit, the permanent residence card or document certifying permanent residence will not be considered valid after Brexit. EU citizens in the UK and their family members will have to reapply for a ‘settled’ status in the UK. However, as the exact details and processes are yet to be announced, the rights of the EU citizens in the UK and those of UK citizens abroad in other EU countries have not been guaranteed. Brexit is seeking to remove EU citizens’ and their families’ free movement and automatic rights within the UK and create an entirely new system that has yet to be executed.

These alarming possibilities after Brexit give rise to the question, as brought up by a participant at the conference, of whether the stripping of our access to these rights given to us through the EU would amount to an infringement of our human rights in itself.

Despite what has been mentioned in this article, no one knows for certain what is going to happen to our human rights after Brexit, let alone anything else relating to the UK, EU and Brexit, but it is important to keep updated on the news to ensure that we are all prepared for the big change coming our way.

Throughout the entire conference, it was evident that Brexit has brought and will bring about an unjustifiable amount of uncertainty into our lives. This uncertainty underlines the discussion with ifs, doubts and questions that cannot be answered with a simple response. It is clear that the complexity of the matter, namely what effect Brexit will have on our fundamental human rights, cannot be easily resolved. However, what we can take away from this event is that there are several organisations and individuals that are currently fighting to ensure that our intrinsic human rights are not infringed.

It is our goal at Sterling & Law Associates LLP to help individuals and families to navigate this complex area of law and to keep EU nationals updated on any changes that may affect their lives.

References:

[1] New Europeans is a civil rights organisation that campaigns for freedom of movement, non-discrimination and the principle of solidarity in Europe. This is done by giving European and non-EU citizens a platform and a voice in local communities to join and take part in the Europe-wide debate regarding the challenges that we are currently faced with.

[2] AEDH is a European network of over 30 individual and organisation members that defends and promotes human rights in the EU.

[3] Britain in Europe is a think tank based at Brunel University London that brings together academics, legal practitioners, and human rights NGOs across Britain and Europe to conduct research and influence public policy.

[4] The project aims to provide analysis and insight into understanding the impact and application of the European Convention on Human Rights in the UK.

[5] This topic was discussed by Hannah Reed from the Trades Union Congress (TUC).

[6] This topic was discussed by Gracie Bradley from Liberty, a UK human rights and civil liberties campaign group.

[7] The GDPR was proposed to unify data protection rules for individuals within the EU. It seeks to protect personal data that is stored on computers or filing systems, for example by ensuring that organisations that hold your personal information notify you if they share it and are transparent about how they process and use that personal information. The reason why this regulation is seen to be a move forward in this area is that there are real risks that can arise from non-compliance, such as fines of up to 2% – 4% of the company’s global turnover.

[8] This topic was discussed by Dr. Nando Sigona from the Institute for Research into Superdiversity at the University of Birmingham.