Data Protection has recently undergone a fundamental reappraisal with the enactment of the new European Union General Data Protection Regulation (“GDPR”). GDPR is not due to come into force until 25 May 2018; yet it will undoubtedly have a real impact before Brexit takes place. United Kingdom businesses will in any event need to comply; even after any Brexit, businesses will need to comply with GDPR for the foreseeable future.The impact of GDPR and Brexit is not restricted to UK businesses; any multinational operating in multiple geographies including UK will be also affected by it.

The new legislation is radically different from what is currently in place.Instead of a notional transparency through registration and consent under the existing legislation; transparency under the GDPR is achieved through a series of rights given to individuals. Examples of such individual rights are: the right to object to data collection and the right to be forgotten. This is backed up by a much more extensive obligation on data controllers to provide information on request and sometimes even before a request is made.

Many lawyers focus on greater penalties under the GDPR: a maximum fine of €20,000,000 can be imposed for breaches (up from £500,000). In addition to clarifying such penalties Dai will spend as much time on the substantial commercial benefits that can be derived from the new legislation.



8 December, London

12 December, Manchester

The Course starts at 09:30 and finishes at 17:15 with two 15-minute breaks and an hour for lunch.

The course includes a discussion of the following topics:

  • The obligation to consider privacy when designing an electronic system
  • The obligation to consider privacy by default
  • The obligation to notify breaches to the information commissioner
  • The obligation to notify breaches to an individual affected
  • Right to object to data collection
  • Right to object to data profiling
  • Right to be forgotten
  • Right to data portability
  • A brief history of the Data Protection legislation
  • The effect of Brexit on UK data protectionlaw
  • Discrepancies between UK and EU law
  • The effect of Brexit on Multinational companies operating in Europe
  • Data export under the GDPR
  • Data export to the United States: Safe Harbour, Schrems and Privacy Shield

The course also considers the implications of GDPR in the context of the United Kingdom’s impending departure from the European Union. There will also be a discussion of the present and future arrangements for data sharing with other countries especially including the United States.



Dai Davis

Percy Crow Davis & Co Ltd

Media Partner