Important notice

Although the content of this article was correct at the time of writing, the accuracy of the information should not be relied upon, as it may have been subject to subsequent tax, legislative or event changes.

On the front foot?

Is your business ready to manage the introduction of tighter data protection rules? Stackhouse Poland look ahead to next year’s regulatory change.

In today’s society, the rapid rate of technological innovation and globalisation has had a dramatic impact upon the privacy rights of individual users. To rectify these issues, a comprehensive reform of data protection rules comes into effect on 25 May 2018. These reforms will strengthen the privacy rights of online users and help boost Europe’s digital economy.

The General Data Protection Regulation (GDPR) was adopted on 27 April 2016 and will be brought into full effect on 25 May 2018. The primary objectives of the GDPR are as follows:

• to strengthen and unify data protection of all individuals within the European Union (EU)

• to give citizens and residents more control over the sharing of their personal data

• to simplify the regulatory environment for international business by unifying data protection regulations within the EU.


Although the GDPR was primarily designed to protect the privacy rights of individual users, its implementation will have a significant impact upon the ways in which all foreign companies, both large corporations and small businesses, process the data of EU residents.

Under this new legislation, independent national data protection authorities will be strengthened so that they are better equipped to enforce the GDPR in their respective countries. If these authorities find that a business is operating outside of the strict data protection compliance regime of the GDPR, that business could face fines ranging from €10,000 up to €20,000,000, or 4% of its worldwide turnover.

It is crucial that all businesses become familiar with the terms and conditions of the GDPR and that they implement sufficient data protection measures before this new legislation comes into full effect on 25 May 2018. Failing to do so could result in substantial financial losses and incalculable damage to a company’s worldwide brand reputation.

How does the GDPR define personal data?

Under the GDPR, individual users will have better access to their own data and they will be able to transfer this personal data from one service provider to another with far fewer complications.

Individual users will also have a ‘right to be forgotten’ whereby they will be able to delete their personal data from websites and online resources if there are no legitimate grounds for retaining it. This new legislation means that citizens will have the right to question and legally dispute decisions regarding the use and distribution of their personal data that would previously have been made for them on an automated, algorithmic basis. According to the European Commission, personal data is defined as:

“Any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.

How will the GDPR impact upon the operations of my business?

The introduction of the GDPR will implement new laws concerning the capture and control of personal information and consumer content. As matters stand, many businesses utilise this personal information to conduct market research, so the GDPR will require many companies to drastically change how they gather and utilise consumer data. In order to ensure that your company does not inadvertently fail to comply with the new rules outlined in the GDPR, it is important to familiarise yourself with its key legislation.

Your company will be subject to new GDPR legislation if you:

• offer services to EU citizens

• operate within the EU market

• handle the personal data of EU citizens.


If any of these practices apply to you, then it is strongly recommended that you begin to scrutinise your existing data protection policies and investigate commercial insurance policies which provide targeted cover for businesses operating outside the UK’s borders.

How can I ensure my business operations comply with new GDPR legislation?

Because the GDPR will not be brought into effect until next year, large corporations and small businesses alike have a golden opportunity to pre-emptively modify their operations in order to avoid potential fines. By taking the initiative and revising your data sharing processes, you can modify your company’s day-to-day information processing systems in a manner that will safeguard your consumers’ data as well as protect your business against potential GDPR fines. This is where employing a targeted Commercial Insurance policy can prove essential.

For commercial insurance, your St. James’s Place Partner will be able to advise you on which of our panel providers you would need to be referred to, given your particular circumstances and need for further advice in this area.

The opinions expressed by third parties are their own, and not necessarily shared with St. James’s Place Wealth Management.