GDPR advice days ahead of new laws being introduced

Monday 21 May 2018

Carey Olsen is among the firms offering advice ahead of new data protection laws coming in to force this coming Friday.

The General Data Protection Regulation (GDPR) is "rightly forcing companies to think ethically about their approach to customer data," according to partner Mark Dunster.

Speaking after Carey Olsen's GDPR and e-Privacy conference in Guernsey earlier this week, Mr Dunster said GDPR,which comes into effect on Friday 25 May, was bringing about a much-needed and deep-seated behavioural change relating to the responsibility of data ownership and processing.

"If you want to have a successful business you need to have a business where people think they are treated fairly as a customer. GDPR is simply regulation catching up with that expectation," said Mr Dunster.

The primary focus of GDPR is to protect the personal data of citizens of the European Union (EU) wherever it is held, processed or transferred. While the Channel Islands stand outside the EU, the legislation affects all local companies undertaking business in the EU or profiling EU citizens. The Data Protection (Bailiwick of Guernsey) Law, 2017, which reflects the new requirements of GDPR, comes into force the same day that GDPR comes into effect across all EU Member States.

Mr Dunster said: "If you have an over-reliance on rules, you generate an industry trying to find a way around those rules and it leads to a moral bankruptcy. You need to stick to core values, which is what GDPR does. It might sound like a biblical reference, but other people's data should be treated in the same way as you would want them to treat your data."

Carey Olsen counsel Carly Parrott, who spoke at the event on the risks, opportunities and challenges of managing data protection and employees, said HR departments would be under some of the most intense scrutiny following the introduction of GDPR and Guernsey's law.

"HR departments are a goldmine of personal data, which in GDPR terms means they are a compliance landmine," said Ms Parrott.

"The human element of GDPR extends beyond the vast volume of often unstructured and informal personal data that organisations continually collect from a variety of sources and regularly process about their employees into the often catastrophic impact that an organisation's most valuable resource, its people, can have on the security of that data. 

"Compliance with the data protection laws and, by extension, reducing the risk of security breaches demands a holistic approach to be adopted by organisations, led from the top and permeated throughout the whole organisation. This isbecause an educated workforce is an engaged workforce and an engaged workforce is much better equipped to navigate the landmine of GDPR compliance."

Other speakers at the event, which was attended by 200 representatives from Guernsey's business community, included Carey Olsen partner Elaine Gray, counsel Huw Thomas and associate Alexandra Gill. They were joined by Matt Thornton, co-founder of IT consultancy Cortex, and Emma Martins, Guernsey's Data Protection Commissioner.