A major shake-up of EU protection laws must be implemented by businesses – regardless of whether or not the country votes to leave the European Union on Thursday.
Leading commercial lawyer James Pressley from Kirwans law firm is urging businesses to ensure that their data protection policies comply with the new General Data Protection Regulation (GDPR), which aims to strengthen the rights individuals have over their information and make companies take the issue of data protection far more seriously.
The extensive set of laws will apply to any business that handles EU citizens’ data – whether it’s actually based in Europe or not. And any breach in procedure could see them facing penalties of up to €20 million.
James said: “Many businesses seem to believe that if we vote Leave we’ll be able to cut through this red tape.
“But under the existing EU Treaties, even if we left the EU as quickly as possible, the earliest leaving date would most likely be June 24th, 2018. Under existing EU law, the GDPR has to be implemented into UK law no later than May 25th, 2018. That means that there would be an overlap of, at the very least, a month, where businesses who hadn’t implemented the new policies would be extremely vulnerable.”
In addition, James explains, even if the UK leaves the EU, we will still want to trade with it. However, one of its laws states that data cannot be transferred out of an EU country to a country which has ‘inadequate’ safeguards for personal data.
“The bottom line is, we are going to need to be able to prove to the EU that we have ‘adequate’ safeguarding in place for data. Or, in other words, the GDPR. So whether we vote to remain or leave, if we want to continue trading with Europe we simply have to have these policies in place.”
One example of where the new EU GDPR applies is the tick boxes that appear when buying from a website. Under the old law, the website could have a box ‘pre-ticked’ next to a statement saying that they could contact the consumer with offers, and the customer would have to ‘un-tick’ that box not to receive those offers. Under the new law, that box cannot be ‘pre-ticked’ – the consumer has to choose to tick the box themselves.
“The new regulation is extremely complicated, and most companies will need to seek specialist advice to ensure that the have the right policies and procedures in place as, if they don’t, the Information Commissioner’s Office has the power to fine them up to €20 million.”