The EU General Data Protection Regulation has just had its first birthday!
For those who thought it would be still crawling and a late walker, how wrong you are! Yes it’s true that to date, the UK regulator, the Information Commissioner’s Office has not sanctioned any breaches, other than for failure to register as a Data Controller, all that is about to change. In its June newsletter, Elizabeth Denham, head of the ICO has said that enforcement action is coming. She has said:
“For those who do not take this responsibility seriously or those who break the law, we will act swiftly and effectively. Many of the investigations launched with our new powers are now nearing completion and we expect outcomes soon, demonstrating the actions my office is willing and able to take to protect the public.”
And in a related development, the High Court has ruled that it is not unduly burdensome and disproportionate to ask a City of London law firm to search 35 paper files in response to a Data Subject Access Request.
The message to businesses is clear that they must take GDPR very seriously. We are advising leading commercial Real Estate industry businesses who until had not registered as Data Controllers and/or included compliant Privacy Notices on their websites.