Getting ready for the GDPR

On 25 May 2018, EU data privacy law will be consolidated and strengthened under the new General Data Protection Regulation. The GDPR will replace all current EU data privacy laws, and the UK Data Protection Act 1998 will be repealed. Enhanced protection of and autonomy over personal data lies at the heart of this significant legislative change. With less than a year until the GDPR comes into force, Hazel Moffat and Rebecca Roberts offer practical guidance on key issues the financial sector must grapple with in preparation.

Hazel Moffat (hazel.moffat@dlapiper.com) is a partner, and Rebecca Roberts an associate, in the litigation and regulatory practice at DLA Piper in Edinburgh.

1. Penalties

Failure to comply with GDPR could result in eye-watering fines of up to €20 million or 4% of a company’s worldwide annual turnover (whichever is higher). This is in addition to the fines that a company can be liable to pay the Financial Conduct Authority in the event of non-compliance with its requirements. Companies operating in the financial services sector could therefore be vulnerable to double fines if they fall foul of their data privacy requirements.