Business

Local companies face £17m fines for breaching new data protection laws

LOCAL companies could face fines of over £17 million if they fail to comply with new data protection regulations which take effect next year.

Corporate law firm A&L Goodbody has warned firms to begin preparing for the new regulations, which take effect next year, in a bid to avoid heavy penalties.

In the first major data protection reform for over 20 years, the General Data Protection Regulation (GDPR) will come into play from May 25, 2018.

Mark Thompson, partner and head of A&L Goodbody’s Belfast office said the changes should be a major concern for businesses holding large quantities of sensitive personal data, such as financial services or healthcare providers.

The regulations place a strong onus on companies to be more accountable for their internal data protection policies and procedures, and more transparent in communicating how they are using customers’ personal data.”

Under the GDPR, data processors will have direct obligations for the first time, and the protocol around seeking consent to process data has been revised.

Companies will also face much shorter deadlines for responding to requests from individuals to view their own personal data.

Firms will also have to notify the authorities within seventy-two hours of a data breach or incidences of a hacking.

Depending on the nature of the breach, the maximum fine will either be over £8 million or two per cent of turnover, or £17 million or four per cent of turnover.

Jonathan Hacking, associate in A&L Goodbody’s commercial team urged companies to take the necessary steps to mitigate the impact, including allocating budget and resources to implement and manage the necessary changes.

"Companies must take a detailed inventory of all the data they collect and assess how it is processed. They should, in addition, conduct a review of their existing policy and data retention, security and data breach notifications procedures – as well as reviewing all privacy notices and contracts with third parties," he said.