Legal expert describes GDPR as a regulation for a 'new world with new risks'.

THE changing face of the internet has led to the introduction of tough new data protection regulations, says a leading regional expert.

Wilkin Chapman, the region’s largest law firm has recently held a number of GDPR training seminars throughout Lincolnshire and the East Riding of Yorkshire.

Tom Martin, employment solicitor from Wilkin Chapman, said: “The world is now a very different place to when the first Data Protection Act came into force almost 20 years ago.”

Putting it into context, he said that some 50,000 gigabytes are now used across the world every second – 20 years ago that was just 199 gigabytes every hour.

As a result, added protection is required for both individuals and organisations – leading to the introduction of the well-documented General Data Protection Regulation, (GDPR), on May 25.

“This is one of the most wide-ranging pieces of legislation passed in the last decade. There has been a lot of hype around its introduction and, while some of that is myth, there is no doubt that regulations are going to get stricter and tougher, to achieve added protection. This is a new regulation, for a new world with new risks, but it brings with it evolution rather than revolution,” said Tom.

For small and medium-sized businesses, the firm suggested that any failure to be compliant would not only mean possible fines but, as important, a breach could severely damage a reputation.

Matthew Quezada, solicitor from Wilkin Chapman specialising in GDPR governance emphasised the importance of business owners and managers ‘understanding the principles behind the regulation’, which will be enforceable across all European member states – with Brexit having no impact on its UK relevance.

Outlining some areas of risk, Mr Quezada said a lot of businesses were ‘hoarders’ when it came to personal data.

“A lot of organisations have a culture of hoarding and this will not fly with GDPR,” he said, adding how such data could include old job applications or details of former employees.

Businesses must have a sensible and legitimate reason for holding data on individuals and be mindful of who has access to it, said Mr Quezada.

Tom Martin emphasised the need for businesses to look carefully at the new regulations governing the sharing of employees’ data. He also explained how organisations must be mindful of sharing personal data without getting more detailed agreement from employees.

He added: “Businesses must really understand why they are processing a person’s data and what for.”

Detective Sergeant Steve Dennison of Humberside Police’s Cybercrime Investigation Team said regulations were also being tightened in the fight against cyber criminals. Citing a local case where a firm had its systems hacked followed by a ransom demand, he warned employers to ensure security systems were as water-tight as possible. The hacker, who had called himself the ‘Dark Overlord’, was arrested and is now serving a three-year jail term.

Meanwhile Daniel Westlake from regional web design company Cursor, stressed how GDPR would cut out the stealth-like marketing practices of some large organisations, which regularly use what appear to be light-hearted surveys on social media to get vital personal data.

GDPR is a hot potato and it will affect all businesses in one way or another. If you require assistance with regards to getting your business GDPR ready, get in touch with Wilkin Chapman for further information.