Biometric data, cookie identifiers, IP addresses – these technical terms relating to data protection seemingly have no relevance to the agricultural sector. However, recent changes to legislation mean that data protection law is something that agricultural businesses have to take seriously.
What is personal data?
Data protection law protects personal data. This means information relating to an identifiable living person – such as customer contact details, employee files and email addresses. For example, if you have a database of email addresses that you use to send out special offers to customers of your farm shop, you need to make sure that you comply with data protection law.
In May 2018, new legislation – the General Data Protection Regulation (“GDPR”) – came into force. It extends individuals’ data privacy rights and introduced a new culture of “accountability”. Penalties for breaches of the law increased to a maximum of 20 million Euros, and organisations are now required to self-report serious data breaches within 72 hours. This means that it is more important than ever to comply with the legislation.
Complying with the law
Businesses need to make sure that they can show:
To avoid hefty fines, agricultural businesses should now:
Organisations have to move away from seeing data protection as a “box ticking exercise” towards building a “culture of privacy that pervades an entire organisation”. The Information Commissioner has emphasised the business benefits of being perceived as an organisation which respects the privacy of individuals, and foresees that this issue could well play a role in consumer choice.
For further help or advice, please contact Partner and Data Protection Law specialist, Louise Connacher, on 0113 2802108 or firstname.lastname@example.org.
Please note this information is provided by way of example and may not be complete and is certainly not intended to constitute legal advice. You should take bespoke advice for your circumstances.