Allison Wooddisse, Head of In-House and Compliance, LexisNexis, considers what is on the horizon in relation to data protection and the GDPR for 2018 and what should be top of your to-do list right now on your journey to GDPR readiness.
Data protection. What happened in 2017? It's probably easier to say what hasn't happened.
At the time of writing, we still haven't had final guidance from the Information Commissioner's Office (ICO) on consent under the General Data Protection Regulation, Regulation (EU) 2016/679. Nor have we had detailed guidance on the scope of legitimate interests, direct marketing under the GDPR, and lawful processing. There’s also great uncertainty about whether the ePrivacy Regulation (currently in draft form) will be finalised and in force to coincide with implementation of the GDPR.
It’s extremely difficult for organisations to draft their privacy notices and policies in readiness for the GDPR. This is because privacy notices and policies must state the lawful ground on which data is processed.
Many organisations will wish to move away from consent as the default ground for processing personal data, because the GDPR raises the bar for the standard of consent. ‘Legitimate interest’ is an attractive alternative ground for processing, but the only available detailed guidance predates the GDPR.
The good news is, there are practical steps you can take today to be ahead of the game.
Before preparing a privacy notice or policy it is critical that you comprehensively identify what data you process, why and how.
Armed with this information, you can then form a preliminary view on the most appropriate ground for each processing activity, including legitimate interests and consent. Then, and only then, can you draft your privacy notices and policies. Helpful tools to consider include a sample data processing map and data and information register.
As we are all aware, the GDPR will become directly applicable and enforceable in the UK from 25 May 2018. The Data Protection Bill is currently before Parliament and is expected to receive Royal Assent shortly in the New Year. We also have our fingers crossed for detailed guidance from the ICO or EU on lawful grounds for processing, legitimate interests, consent and direct marketing. But time is pressing on and organisations cannot wait for the regulators to tell them what to do.
The GDPR represents the biggest overhaul in data protection law for two decades. As the deadline approaches, organisations must continue to review their internal procedures and arrangements with data subjects, suppliers and other third parties to ensure they comply with the obligations under the new regime.
Top of your to-do list right now.
1. Data mapping—find out whose data you are processing, why and how.
2. Making a start on legitimate interests assessments—this can’t wait for detailed ICO guidance and there is enough information in the GDPR itself and pre-GDPR guidance to get ahead of the game.
Here, useful tools include a legitimate interest assessment to determine whether you have a legitimate interest in processing data under the General Data Protection Regulation (GDPR) and, if so, whether that legitimate interest is overridden by the rights and interests of the data subjects whose data you propose
3. Overhauling your preference centre, or deciding whether to set up a preference centre if you don’t already have one.
Consider a preference centre supplier questionnaire to help you establish more quickly and effectively whether an externally supplied or maintained preference centre complies with the requirements of the General Data Protection Regulation, particularly around consent for marketing communications.
We’re here to help you on your journey to GDPR readiness.
Our GDPR planner aims to help you prepare your business data compliance processes. It expands on the suggested set of actions for each of the 12 areas issued by the Information Commissioner’s Office (ICO).
Download a copy of your free GDPR planner here.
This is one of many practical tools to help you manage your compliance obligations faster and more effectively within our LexisPSL Risk & Compliance module - created specifically to help in-house lawyers identify and manage risk in their organisations.
With email news alerts, monthly highlights and forecasts; practice notes explaining the "what and the why" in key areas of risk such as crisis management, anti-money laundering, anti-bribery & corruption; and an unmatched suite of precedents to help you put effective systems and processes in place - fast. Request a free, no-obligation trial.