Businesses are being encouraged to get to grips with data protection on the fifth anniversary of the introduction of landmark legislation.
Regional law firm Ellis Jones Solicitors has warned that many firms still do not fully understand their responsibilities and could face fines for breaches.
The comments come on the fifth anniversary of General Data Protection Regulation (GDPR) legislation governing data privacy and use of personal information which is now embedded in UK law.
Ellis Jones – with more than 170 staff including 23 Partners – has drawn its expertise together to create a new, standalone Data Protection department to advise businesses, organisations, public bodies and individuals.
Diane Pearce, Associate Solicitor, said: “Technology has exploded in the past few years and this has had considerable consequences for data protection and information security.
“It is hard to believe that the introduction of GDPR was five years ago but many businesses still don’t fully understand the requirements of the data protection legislation in their day to day business operations.
“This anniversary is a timely reminder to check their policies, procedures, workflows and operations.
“Data compliance is essential to every business because all businesses collect data.
“Technology growth has meant that it is important for businesses to have measures in place to protect themselves, and to build brand loyalty within their business, clients and contacts.
“We have seen large organisations including the likes of Facebook impacted by data breaches and the publicity that follows.
“As we move on from the COVID pandemic I fully expect to see the Information Commissioner’s Office (ICO) more actively involved in carrying out more spot audits or compliance checks. Also, any data breaches can bring an organisation under the radar of the ICO.
“There can be heavy fines, and we are keen to work with businesses to generate awareness, offer advice and assist in meeting their compliance requirements.”
She added: “One of the major issues we see, is where businesses may have a data protection policy or privacy policy in place which is generic and has not been tailored to their individual business requirements, or they may have missed sections out because they have taken a template version from elsewhere.
“GDPR and data protection has not gone away and will continue to be a significant focal point for every business, so those who fail to fully understand it, do so at their peril.”
Data protection in the UK falls under the Data Protection Act 2018, which implements UK GDPR following its introduction on 25 May 2018.
Fresh legislation is likely to be introduced under the government’s new Data Protection and Digital Information Bill to make GDPR less cumbersome and clampdown on problems such as nuisance phone calls and excessive pop-ups online.
Specialist solicitors in Ellis Jones’ Data Protection team have extensive experience in successfully handling cases across different sectors.
The department offers advice in such matters as audits, breaches, protection compliance, protection strategy and GDPR.
Visit https://www.ellisjones.co.uk/business/data-protection/ to find out more about complying with data protection laws.