Lawyers warn that data protection law is going to be tightened
Legal firm Appleby is warning that companies need to be aware of a tightening of data protection law.
The Douglas-based data protection team, which works with the corporate and dispute resolution departments and has been operating for 10 years, is led by partner Claire Milne, and includes fellow Partner Caren Pegg and associates Mark Emery and Katherine Johnson.
The team also draws on, and contributes to, the work of Appleby’s global data protection and cyber security team, with expertise from across the 10 international jurisdictions where Appleby has a presence.
Claire, who is also a team leader for the intellectual property and science and technology teams in the Athol Street office, has advised on data protection law for more than 20 years and is a former member of the Isle of Man Data Protection Tribunal, an independent body established under the Data Protection Act 2002.
The company says that team’s expertise is ’particularly relevant’ now given that the General Data Protection Regulation (GDPR), which replaces existing European Union legislation and will introduce much stronger rights and controls surrounding personal data, becomes enforceable in May next year.
Claire said: ’Protecting and handling personal data correctly is essential for all businesses, especially with stronger controls and stricter penalties on the way. Getting it wrong can lead to substantial financial penalties, with fines of up to 4% of global annual turnover or â?¬20 million, as well as significant reputational damage.
’The new GDPR framework, which becomes enforceable from May 15, 2018, is ambitious, complex and strict.
’Individuals will possess new and stronger rights under the GDPR and supervisory authorities will have the right to impose strict penalties.
’Data subjects will also be able to take legal action against controllers for data breaches and supervisory authorities can audit, suspend, or even ban data processing.
’As the Isle of Man Government has indicated that it intends to introduce legislation by May 25 that will essentially be equivalent to the GDPR and that any Isle of Man company providing goods and/or services to EU residents will be required to comply with the terms of the GDPR, it is clear the GDPR will impact upon every Isle of Man business that holds or uses personal data.
’For many businesses, this will mean a fundamental change to the way in which they currently manage and process personal data. In particular, the penalty regime and ability for supervisory authorities to stop controllers from processing personal data has the potential to significantly impact upon both the profitability of an Isle of Man business and, in the most severe cases, its ability to operate.
She added: ’Between now and spring 2018, businesses need to get a clear understanding of their current compliance position: what data they hold and where, what personal data they process, where it is transferred and how it is secured throughout its lifecycle.
’Our expert team brings together many years of experience in data protection and related fields, including advising on contentious matters, to give our clients a fully focused and targeted service as they prepare for the new regime.’
As well as contributing to numerous data protection chapters for publishers and City firms, team members have already advised Isle of Man clients in the insurance, banking and online gambling sectors on data protection matters.