General Data Protection Regulation

This blog is by Evangelista Divetain, Proelium Law LLP’s Practice and Operations Manager.  Eva was educated at the University of Nice Sophia-Antipolis and holds a Master’s Degree in private law and criminal science.

The legal bit…

In order to protect all EU citizens from privacy and data breaches the General Data Protection Regulation (‘GDPR’) was approved by the EU Parliament on 14 April 2016. The EU GDPR replaces the Data Protection Directive 95/46/EC and is perceived as the “most important change in data privacy regulation in 20 years”. Initially, because of the number of derogations in the GDPR, it was unclear if it was a Regulation or a Directive, which led the UK Government to call for views on possible UK Derogations on 12 April 2017.  However, as mentioned by the EU GDPR website, the GDPR is a regulation and not a directive, and as a regulation, “it will become immediately enforceable law in all member states”. All organisations must be compliant by 25 May 2018 (enforcement date) or they will risk heavy fines.

Brexit & GDPR – good news or bad news for the UK?

As mentioned by the Secretary of State for Culture, Media and Sport, Karen Bradley MP, the UK will have to apply the GDPR in May 2018. She confirmed on Monday 24 October 2016: “We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”

In the Information Commissioner’s Office blog, Elizabeth Denham, UK Information Commissioner, commented: “I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world. That is why both the ICO and UK government have pushed for reform of the EU law for several years.”

The UK will therefore have no choice but to get ready and comply with the GDPR by May 2018.

Why is it happening…?

Today’s rapidly changing data landscape has led to a need for an update of the data regulatory environment of the EU, as we are indeed creating more personal data than ever before and the processing of that data is worldwide. The GDPR has a primary goal to update the regulations to fit today’s innovations while protecting the “fundamental rights of individuals”. We can outline the GDPR’s main aims here:

  • Harmonize data privacy laws across Europe;
  • Accountability-based compliance framework for data protection in Europe;
  • Protect and empower all EU citizens’ data privacy; and
  • Reshape the way organisations across the region approach data privacy.

What you should do next…

Although the GDPR’s aims are well defined, preparing for its enforcement in May 2018 is more complex. To this end, the UK Information Commissioner’s Office (‘ICO’) has created a self-assessment tool kit “Getting Ready for the GDPR”, which will give organisations a better idea of the areas to be worked on.

What are the challenges…?

The intricacy of the implementation also stems from the fact that different measures will need to be taken depending on the type of business, sector, location (i.e. if the organisation operates in more than one EU member state) and sensitivity of the data processed (i.e. information related to a child, criminal records, or physical or health condition).

A proposed guideline, based on the ICO’s guidance, could be as follows:

  1. Build awareness: If you are already complying with the Data Protection Act’s (‘DPA’) main concepts and principles, that is a good starting point from which to build your new approach to the GDPR. Ensure that the key people and decision makers are aware of the new elements and significant changes.
  2. Use the ICO’s Checklist: this 12-step checklist will help to understand the “main differences between the current law and the GDPR”.
  3. Plan your approach: the GDPR might (but only might) lead to significant budgetary, IT, personnel, governance and communications implications.
  4. Demonstrate accountability: this will be the role of the Data Controller, with the eventual help of the Data Protection Officer (to be appointed under GDPR Article 37 (1) in 3 specific cases), to demonstrate the documentation of that data and the manner in which it is to be processed.
  5. Map out the impact on your business model: some parts of the GDPR will impact your business more than others. It’s essential for the longevity of your business to work on the areas most affected.
  6. Prioritise: After assessing the impact of the GDPR on your business, give extra attention to the areas identified.
  7. Keep your knowledge up to date: visit the ICO’s website for general guidance and advice, as they are working closely with trade associations and representing bodies in various sectors.

Sanctions

Not complying with the GDPR will potentially put your business longevity at risk and the fines for breaches will be much higher under the new regulation. The ICO will take into account the nature of the contravention, the effect of the contravention, behavioural issues (i.e. process in place to avoid the contravention), impact on the Data Controller or Person and other considerations such as any factors relevant to the determination of the amount of the monetary penalty.

  • Minor breaches: up to €10m or 2% of worldwide annual turnover (based on the preceding financial year).
  • Major breaches: up to €20m or 4% of worldwide annual turnover.

In addition, a notifiable breach (“where it is likely to result in a risk to the rights and freedoms of individuals”) must be reported to the relevant supervisory authority within 72 hours of the organisation becoming aware of it.

Need advice?

If you’d like further information, or to discuss working with us, you can get in touch via our Contact Us page

Read our latest news & articles

CIVILIAN: NOW THAT’S A NAME I HAVE NOT HEARD IN A LONG TIME – PART 1

Whatever civilian life was like for you before joining the Armed Forces, your military career is bound to have been life-altering. Like me, you might not have been the most organised or disciplined, or in the best physical shape, and joined with an attitude problem; we all quickly found out that a military existence is a whole new world compared to civilian life.

read more

Proelium Law LLP

Proelium Law LLP is a Limited Liability Partnership registered in England and Wales No.OC411568.

Proelium Law LLP is authorised and regulated by the Solicitors Regulation Authority No. 629608 (www.sra.org.uk)

VAT Registration No. 242 4002 59.

© www.proeliumlaw.com

Web Design by Tim Mitchell Design | Web Consultancy by John Griffin, Up Marketing Co

Iran and The West

This blog is by Evangelista Divetain, Proelium Law LLP’s Practice and Operations Manager.  Eva was educated at the University of Nice Sophia-Antipolis and holds a Master’s Degree in private law and criminal science.

The Joint Comprehensive Plan of Action (JCPOA) with Iran was adopted on 18 October 2015 and implemented on 16 January 2016. The JCPOA, or ‘nuclear deal’, has been seen as a stabiliser in relationships between Iran and Western countries to “make the world a safer place”. The agreement seems to be broadly working so far, with benefits on both sides.

EDUCATION, RESEARCH AND INVESTMENTS

From the perspective of the West, few benefits can be highlighted as much as the strengthening of academic collaboration and exchanges between the UK and Iran. British institutions increasingly partner with Iranian institutions for research (among others UCL, Newcastle University and the University of Reading). In Europe, a few trade deals have been made; notably, in January 2016 Iran finalised a deal with the European aircraft manufacturer Airbus to deliver more than 100 commercial jets to Iran. In addition, foreign investment has grown from $2 billion to $12 billion since the deal, with Germany being the first country investing in Iran (c. $4 billion).

IRAN’S VIEW ON THE JCPOA

Even though the deal has softened relationships with the West, from Iran’s perspective there are still grey areas that need to be clarified, and different groups within Iran hold different views. There is a need to move forward after the Iran-Iraq war and a desire to improve security in the country and its relationships with others. Another reason is for Iran to become a ‘normal’ state and have more time and energy to focus on regional issues, in order to stabilise the regime.

HIGH EXPECTATION

The deal has had a valuable impact on the economic situation in Iran; the inflation rate has decreased from 35-40% to 9% and oil exports went from 1 to 3 million barrels a day, with a forecast of 5 million a day by 2021. Unfortunately, it’s difficult for the population to perceive these statistics and the benefits of the deal. Consequently, the popularity of the President, Hassan Rouhani, has been decreasing, as expectations were high before the JCPOA. Lifting sanctions was expected to have a great impact on the employment rate, increasing business and improving living standards. Nonetheless, this did not stop Hassan Rouhani, who promised to “reduce Iran’s international isolation”, from being re-elected on 19 May 2017.

CONCLUSION

Iran is developing stronger relationships with India and China, but substantial improvements are yet to come with Western countries. Many issues won’t be resolved by the JCPOA, as Western military and intelligence institutions fear Iran’s security infrastructure. Even though Iran wants to change the West’s perception by stabilizing the regime, gaining popularity and increasing openness to economic relations with other countries, the new administration in the US appears to have adopted a confrontational position. For the first time the European Union is perceived as an alternative to the key players; we will see in the future how far it is ready to go to truly support businesses in Iran and what it would do if the US stops honouring the JCPOA.


How Do You Measure Your Legal Risk?

The Legal Risk Map

If you are working overseas, or running a business with a focus towards hostile or complex environments, then understanding what legal risks you are carrying will be important to you.

The legal difficulties that organisations operating in this area face are many, as you will be:
  • dealing with complex contracts, maybe involving local as well as ex-pat staff
  • having to apply local laws as well as relevant domestic laws
  • making sure you are not breaking money-laundering or counter terrorism financing rules
  • understanding and applying the nuances of UK and US bribery and corruption acts

… among many other things.

Faced with this complexity, organisations find it hard to sensibly include their legal risk in their risk assessments.

A beneficial approach can be to consider your legal risk across a number of themes, taking a view on how well you address each one.  Themes that are relevant can include:

Theme 1 – Corporate structures, including memoranda of association, articles of association and shareholders agreements.

Theme 2 – Policies, including (for instance): day-to-day functioning of your company; anti-money laundering; anti bribery and corruption; third party suppliers.

Theme 3 – Commercial contracts.

Theme 4 – Succession planning.

Theme 5 – Staff/consultant contracts, their rights to work and visas.

Theme 6 – Host nation and local laws for overseas projects, extra-territorial laws and compliance with them.

Theme 7 – Duty of care, essential to avoid claims of negligence.

Theme 8 – Insurance and whether it is adequate or not.

Theme 9 – Accreditations, whether you would be ready and their usefulness.

Theme 10 – Use of weapons and armoured vehicles, dual-use goods (if applicable).

Theme 11 – Data protection, to conform to the Data Protection Act and the forthcoming GDPR.

A further step would then be to plot your scores on a radar chart, to help visualise your organisation’s risk. With clever scoring you can produce a chart in which a tight circle in the centre of the radar chart is the desirable goal. To discover the Proelium Law Legal Risk Map Questionnaire, click here.

“We provide specialist security services to government and high net worth clients around the globe. As such we operate in many permissive, non-permissive and hostile environments and rely on Proelium Law to provide multi-jurisdictional advice. The Legal Risk Map provided us with invaluable advice and a legal template to adhere to.”  A sector-leading UK specialist security company.
