As the seven month countdown begins until the General Data Protection Regulation (GDPR) is enforced from 25 May 2018, Carey Olsen is helping businesses to prepare by hosting its latest seminar on the subject.
The seminar will examine how the local data protection law in Guernsey will change and the impact it will have on the Island.
GDPR is one of the largest and most significant regulatory developments in recent times and will set the benchmark in terms of how personal data is handled around the world.
The seminar taking place on 1 November will see partner Mark Dunster and counsel Richard Field, both regulatory specialists, provide an overview of Guernsey's new data protection law, the challenges of GDPR compliance and common misconceptions around the new legislation. It will also highlight what businesses need to do to prepare for May 2018.
Mr Dunster said: “The new regime will introduce new accountability obligations, stronger rights for individuals over their personal data and will be transformative for how businesses handle personal data. Information security is one of the biggest operational risks facing businesses in Guernsey in terms of potential disruption, so data protection needs to be a priority now and not just when the new law is enforced. The penalties for failing to comply could amount to €20 million or four per cent of annual turnover, whichever is the greater, so thorough preparation is vital. The seminar will offer a great opportunity for local businesses to keep up to date with what they need to do to prepare for the new regime.”
Mr Field reinforces the message of the need to prepare now and stresses that it is a business-wide responsibility: “This legislation is all-encompassing and touches on all areas of the business. Cultural adaptation is key, but businesses also need to carry out an audit and risk assessment process to plan for and identify the appropriate technical and organisational measures needed to meet the new requirements (and to demonstrate compliance). This is not just a process for individual departments (such as the IT team); responsibility ultimately needs to sit with the board of directors. Engagement on a business-wide level should flow from them."
Mr Dunster added: "Guernsey is ahead of the game in preparing for GDPR which is helpful for businesses on the Island who are evaluating what they need to do to be compliant. We look forward to sharing ideas and collaborating with local businesses to see how they can prepare effectively."