The EU’s General Data Protection Regulation (GDPR), set to come into force in just over a month from now (25 May 2018), spells big change for businesses globally. It also spells big change for the public sector, with its organisations typically processing large amounts of different types of personal data. With GDPR introducing new rights for individuals and much tougher penalties, risk managers will be anxious to see whether the new legislation opens the door for an increase in civil claims following any data breaches their organisations suffer.
GDPR specifically states that a civil claim can be made for any data breach, even if there has been no tangible financial loss. This wasn’t always the case, and the fact that citizens can now make a claim based solely on distress or injury to feelings changes things significantly. What’s more, with any breach under GDPR comes the mandatory requirement to report it to the data protection authorities, which in turn could have the effect of raising the profile of the breach itself. All these new conditions point to a likely increase in the number of civil claims we will see.
It follows that building trust and confidence with the public is going to be a priority for the public sector. With an expected increase in civil litigation cases, high-profile breaches are going to be more costly than ever, and that’s without mentioning the further costs of reputational damage. The public sector will have been planning for this day, though, and preparations for most will be in an advanced state. Organisations can best protect themselves by embracing GDPR, and one of the best ways to do this will be to train staff. It will be a challenge for the public sector, but it’s one that can be seen as an opportunity, too. With risk-based strategies in place, organisations can increase their data security and build trust and transparency with the public.
To make preparations easier, check out the ICO website’s useful guidance.
Published date: 16th April 2018
This article and related document links do not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Risk Management Partners cannot be held liable for any errors, omissions or inaccuracies contained within the article and related document links.
Readers should not act upon (or refrain from acting upon) information in this article and related document links without first taking further specialist or professional advice.
Risk Management Partners Limited is authorised and regulated by the Financial Conduct Authority. Registered office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company no. 2989025