GOOD PRACTICE GUIDE Data protection: what the big the changes mean to you
Published: June 25, 2018
Author: admin

The Data Protection Act is about to be changed becoming tougher, and only about a third of businesses are ready for it - particularly those in the arts and creative industries. It will bring the UK into line with Europe and nothing, not even Brexit, will slow its implementation. Lawyer Karen Holden, who has made a speciality of the law around data protection, explains

On May 25 the General Data Protection Regulation (GDPR) will replace the current Data Protection Act 1998 (DPA). It will carry a new set of rules and huge changes on how data is being stored and processed by companies and enterprises, and the new development is going to give citizens more power when it comes to personal data. The change has come about due to increased online activity, and it will mean severe repercussions for businesses that do not follow the new policies and rules so it is better to start preparing now.

The design of GDPR not to dissimilar to that of the DPA, but the level of compliance is going to be dependent on how much data, and the type of data, is collected. You must, however, still afford privacy protection, notification and consent and protect the information by secure storage, regardless of your company's size. GDPR places a larger focus on protecting an individual’s rights about their data, so that when companies collect and process the data,they must also justify the legality of it.

Someone's personal data could simply be their name or address, but could extend to details including fingerprints, DNA and recorded calls. Under the GDPR, personal data will refer to any information that can relate to a single person. All of this information will be covered and protected by the GDPR.

If you record phone calls you must:

  1. Receive consent from the individual(s) in the phone call to record;
  2. Justify the necessity of the recording, i.e. to fulfil a contract, or for legal requirements;

  3. Protect the interests of participants;
  4. Be sure the recording is in the public interest, or necessary for the exercise of the official authority.
  5. Be aware that the interests of the recorder will be overridden if they conflict with the interests of the participants in the call.

Under the DPA, when a recording takes place the individual must be informed of the purpose and how the information will be processed. If the participant continued the call consent was assumed, and this was acceptable and common practice. That is no longer enough - the GDPR implements tighter regulations, and there must be express consent given, either by recording verbal consent or having terminating the call if consent is not given.

Rights to access data are also changing. Individuals will now have absolute access to any information stored about them, and this will need to be identified, retrieved and provided to them upon request. Therefore, as a business you must implement an efficient method of doing this on request. In addition, should the individual request to have your details removed you must do so with immediate effect. Any policies that are put into place to ensure this is done must be co-ordinated with your IT and call recording provider to ensure you can fulfil your claims.

Businesses must actively display their compliance to the new rules under the “Principle of Accountability”, and the GDPR stresses the importance of implementing data protection systems with immediate effect. Creating an extensive policy is not going to be useful if your staff and providers are not going to be able to fulfil the obligations, so having an honest and realistic policy will be most effective and will be easier to demonstrate if you need to prove fulfilment.

In order to implement any policy effectively there are several steps that must be completed, including drafting policies and protocols, and training staff to make them fully aware of the new provisions followed by careful management and implementation.

And there be penalties for breaches, and organisations could be fined up to £500,000 or, under the new GDPR, fines can range from 2-4% of global turnover, depending on how severe the case was. These fines are designed to have a large impact on non-compliant companies, so it is important to act now.

We believe that the best place to look when deciding what improvements and changes need to be made you need to have a full understanding of your business, its operations and the date you really need to be collecting. All polices created should be bespoke on a client by client basis, on what can be achieved, based on size, budget, suppliers and compliance.

Karen Holden is the founder of A City Law Firm

Karen Holden

Founder and MD


Karen is the visionary founder of A City Law Firm, recognised globally and ranked by Chambers & Partners. She has years of legal expertise s in advising founders and businesses in all sectors , but particularly in cutting-edge sectors such as AI, blockchain, fintech, and autonomous technology.

Her firm stands at the forefront of innovation, providing bespoke legal solutions for businesses preparing for investment, navigating international expansions, and protecting intellectual property in rapidly evolving industries. Her idea to offer fixed fees and packages are born with her vision to offer accessible but bespoke legal services to everyone.

Director & Head of Commercial Team

Founder and MD


Jacqueline heads up our Corporate and Commercial Team, is a Director of the Firm and sits on the Management Team. She is a confident and skilled negotiator, achieves favourable results for her clients and is a seasoned innovator.

Jacqueline head up a specialist team of lawyers best placed to advise on new innovation. Whilst she oversees all work undertaken by her team, she also runs the more complex investment rounds and enjoys working with those looking to disrupt their marketplace or using new and innovative technologies. She has specialist experience in crypto-currency and block chain, where she runs a steering panel of experts in this field as well as giving expert commentary and talks. She has a passion and understanding of machine learning and AI and works closely with our clients in developing their IP, business and securing investment. She has an array of clients across a multitude of sectors and disciplines, each at varying stages of funding, expansion and exits.

PRESS, AWARDS, TESTIMONIALS, ARTICLES

Silenced by Fear: A Guide to Addressing Sexual Harassment from Those in Power

Introduction Sexual harassment can occur in many contexts, not just in the workplace. When the harasser is in a position of power—be it a manager, investor, joint venture partner, or any influential figure—it can create a climate of fear that discourages victims from...

From partners to rivals | Protecting your company using restrictive covenants

If a founder or shareholders or senior managers relationship sours, things can go wrong very quickly causing the company distraction and financial losses. This is compounded if on exit the departing individual seeks to poach clients or staff seeks to work with a...

Navigating Fashion’s Legal Landscape: Essential Guidance for Designers and Entrepreneurs

Introduction: Fashion Week is more than just runways and glamorous designs it's also a pivotal time for designers, entrepreneurs, and brands to reassess their legal strategies. As the fashion industry faces unique challenges heading into 2025, including new...

From Partners to Rivals: Protecting Your Company through restrictive covenants

Today, we’re tackling an issue that can make or break your business—restrictive covenants and their role in protecting your company during shareholder, director or staff disputes. We will touch on their importance, how these should be incorporated into your documents...

Protecting AI Innovations: Strategies and Guidelines – Part 2

As Artificial intelligence (AI) continues to evolve, its intersection with Intellectual Property (IP) law has become a crucial consideration for innovators. The UK Intellectual Property Office (IPO) has a set of detailed guidelines to evaluate if AI inventions are...

The Life of a Disruptive Lawyer: Innovating Legal Practice in Emerging Technologies ran by a Mum & Female Founder

In the staid and often stolid world of law, disruption is not a term often associated with the legal profession. Yet, at A City Law Firm , disruption is our modus operandi. From pioneering payment plans to engaging with cutting-edge technology, we have redefined what...

Protecting AI Innovations: Strategies and Guidelines – Part 1

As Artificial intelligence (AI) continues to evolve, its intersection with Intellectual Property (IP) law has become a crucial consideration for innovators. The UK Intellectual Property Office (IPO) has a set of detailed guidelines to evaluate if AI inventions are...

Tackling workplace toxicity

In today’s interconnected work environment, whether through face-to-face interactions, virtual meetings on Teams, or other communication platforms, issues such as derogatory comments, bad-mouthing employers and management, bullying and discrimination are prevalent....

Navigating the metaverse | Potential challenges for employers and employees in the UK

With the rapid advancement of technology, the concept of the metaverse is no longer confined to the realm of science fiction it is here. As virtual reality, augmented reality, and other immersive technologies converge, the metaverse is becoming increasingly tangible....

IP Licenses: When do you need one and what are the essential terms it must have?

As technology lawyers working in emerging technology, our biggest value is protecting and commercialising the founders IP The why ? In the fast-paced world of intellectual property (IP), safeguarding your creations is paramount. Whether you’re an inventor, artist, or...