Society of Human Resources Management
"This is still only in the consultation phase, and it remains to be seen whether any of the proposals will be implemented," said Darren Issacs, GQ|Littler Partner. "If the government wants to reform the data privacy regime, it needs to be careful that this is done in a way that doesn't make the EU question the U.K.'s standard of data privacy protection. If the EU considers that the U.K. doesn't provide an appropriate level of protection, it may decide that the U.K.'s laws are not up to EU standard, which will lead to an increase in compliance obligations when U.K. businesses deal with the EU."
"Historically, instances of employer data breaches or noncompliance have not received significant penalties, except in very serious cases or where there are repeated breaches," Issacs commented. "The U.K. data privacy regulator tends to take a reasonable and proportionate approach to policing the legislation."
Deborah Margolis, Senor Associate at GQ|Littler, said a common mistake employers make is "not dealing with data privacy in a proactive way and only engaging with it when they face issues." Businesses should ensure that they properly document their compliance processes and that GDPR forms are part of their day-to-day operations from the outset, she noted.
Read the full article here.