A “game-changing” new General Data Protection Regulation (GDPR) comes into force across the EU, including the UK, in May 2018 - less than six months away.

The GDPR will govern the use of personal data - any information that relates to or could identify an individual - by all companies operating in the European Economic Area (EEA), as well as non-EEA based companies that provide services to EU citizens.

The GDPR introduces a number of new concepts and obligations including:

  • new and enhanced rights for individuals whose personal data is held and used by a business;
  • a new "accountability principle" which requires businesses not only to comply with the GDPR but to demonstrate how they comply;
  • more onerous contractual requirements when engaging third party service providers;
  • more detailed information in privacy and data collection notices; and
  • mandatory data breach notifications to data protection regulators and affected individuals.

Failure to comply could lead to a maximum fine of 4 per cent of global turnover or €20 million, whichever is higher.

The impact on businesses that collect, use or otherwise process personal data will be considerable and significant, not least in a real estate context where such data is used for property and portfolio management purposes as well as marketing.

Bear in mind too that GDPR will extend to data held in relation to an organisation’s own workforce, including contractors.

For further information please contact Sian Skerratt-Williams or your usual contact at Norton Rose Fulbright.



Recent publications

Subscribe and stay up to date with the latest legal news, information and events . . .