For those of us working in privacy and data protection, you would have had to have been living in a cave for the last few years not to know that changes are on the horizon. However, there is a lot of misinformation out there about what’s happening and when. Articles frequently appear reporting on new changes and stating as fact things that are definitely not.
The truth is that the draft Regulation is still being negotiated, there is some way to go, and there is little you can do to prepare right now, as we don’t know what it will say on the key points. There is some direction of travel that we can identify, but on the issues that may be of most importance to companies there is a lot of disagreement between the Parliament and the Council, who need to agree a version for it to become law.
If you are not familiar with the EU legislative process, then I recommend the latest blog from the ICO on the topic, which explains very concisely and clearly what has happened to date, what is happening now, and what has to happen next.
In terms of what might change in some way, there are some key areas, like consent, the legitimate interests condition for processing, and profiling, where the wording is in flux and there seems to be disagreement between the Council and the Parliament. So it may be worth you or your government affairs team keeping an eye on any developments there.
It looks as though the provisions on international transfers will seem more restrictive from a UK perspective, as the ability to carry out your own assessment will disappear unless the transfer is small-scale and infrequent, and your assessment is a balancing test between your interests and the rights of the individual. At least that is what the Council propose. The Parliament has removed this option completely from their version.
What does seem likely is an increase in paperwork for those of us in a data protection officer type role. Both Council and Parliament versions of the draft Regulation require detailed documentary evidence of what you’re doing with personal data and how you’re looking after it. If you have a good governance programme in place, then you should already have most if not all the information you need, and it may just be a case of presenting it differently or more coherently should a regulator ask to see it. A lot of companies fail to carry out or maintain data mapping or data inventories and this is one of the basics that companies should be sorting out now.
So should you just sit and wait for the Regulation to be published? Well, there are some things you can do in the meantime if you have responsibility for data protection. The best thing you can do is to make sure you’re compliant with the current regime. The ICO’s message is still ‘get your house in order now under the current regime, and you’ll go a long way to being compliant under the new one’. It might also be worth preparing a briefing for senior management or the board to make sure they don’t get panicked by misleading articles and they have an overview of what’s happening in case they are ever asked. You can also work with your government affairs team or similar to identify the key aspects of the reform that might affect your company most, and keep an eye on developments on these points.
And finally, remember that once the Regulation is agreed and published, there will be a two-year implementation period, and that’s when the hard work really starts!