A Brief Guide to Data Protection Law and Data Privacy
The Information Commissioner’s Office (ICO) is the regulatory body that oversees compliance with the data protection rules and fines organisations when breaches of personal data occur. It has the capacity to issue fines under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The provisions of Part 3 of the Act permit a higher maximum fine of £17.5 million or 4% of the total annual global turnover, whichever is the higher. The standard maximum fine is £8.7 million or 2% of total annual turnover, whichever is the higher. The two levels apply to different types of breach. The potential for such fines is a compelling reason to ensure that every conceivable measure is taken to protect the personal data held within a business or organisation.
As members of an information society, we are all living in an era where digitisation of our daily life entails new legal challenges. In the global community, we will increasingly face issues that may endanger the integrity and security of our online presence. In fact, the way we conduct our lives and businesses must take into account the ongoing risks and dangers brought by the inevitable datafication of our economies. In this context, European and international legal attempts to regulate the relatively new data phenomenon offer an evolving legal framework governing the use of sensitive personal data. The lawyers in Giambrone’s international privacy and data protection group strongly believe that keeping pace with technological developments enables them to provide, to both individuals and businesses, legal assistance that embraces current data and technology issues that are potentially endangering citizens’ privacy and identity. All businesses must adhere to the widely embraced GDPR legislation, and any breaches carry not only financial penalties but reputational penalties as well.
The main task of Giambrone’s international privacy and data protection group is dealing with a wide range of data-oriented matters. Giambrone’s lawyers can provide assistance on matters such as GDPR compliance, data and security breaches, data transfers, fair use of cookies, online tracking and data subjects’ rights.
Giambrone’s data protection specialists can help you in delivering privacy-oriented business strategies and objectives globally while also dealing with local differences that may complicate the data protection area.
Data protection and privacy laws affect almost all businesses and apply to the personal data that they hold, that is, data that relates to an individual and not data that relates to a business; however, on some limited occasions data that relates to a sole director or sole practitioner is deemed to be that of an individual. This means that the legal data privacy issues involve both businesses (due to the data they hold relating to staff and customers) and individuals whose data may have been breached. The ICO has issued some painful fines. Ticketmaster was fined £1.25 million for failing to adequately protect its chatbot from cyber-attack. British Airways received a fine of £20 million for a similar lapse. Across Europe, the level of fines varies quite considerably from country to country, with Spain maintaining one of the toughest regimes.
On the other hand, Giambrone also advises individuals in the exercise of their rights as data subjects, such as the right to access, the right to be forgotten, the right to rectification and so on.
Giambrone's privacy team is aware of the complex nature of data privacy issues but it also recognises that exploitation of Big Data may provide growth opportunities, such as enhanced information management enabling faster decision making and developing greater agility.
The data protection and privacy group also has particular expertise in protecting users’ rights in relation to the increasingly frequent data breaches that involve telecommunication companies. In such sensitive scenarios, Giambrone lawyers can assess the lawfulness of data processing, its accuracy, the respect of all data protection principles established by the GDPR and so on. Giambrone is aware that data and security breaches constitute the prime negative legal incident the average citizen may suffer and, for this reason, it is committed to their protection through class actions, compensation claims, and so on.
Giambrone advises businesses on:
- Data Audit;
- Data Asset Register;
- Data Protection Policies;
- How to handle data subjects’ requests;
- Individual Data Rights;
- Dealing with data breaches and DPA (Data Protection Authority) Report;
- Data Protection impact assessment.
Giambrone benefits from a range of mandates from clients across various sectors including business entities and private individuals, ensuring Giambrone maintains a breadth and depth of knowledge that forms a strong basis to safeguard our clients with expert legal advice.