The General Data Protection Regulation (GDPR) became directly applicable across the EU today. Companies will be continuing to digest the raft of new and updated guidance on the GDPR that the Information Commissioner’s Office (ICO) published in the run-up to the implementation date.
Other items on the agenda for businesses this month include the expected publication of secondary legislation on corporate governance and the Financial Reporting Council’s (FRC) launch of a consultation on the Large Private Companies Code.
GDPR now directly applicable across the EU
The GDPR became directly applicable across the EU today. The ICO continued to update, expand and publish new guidance on the GDPR in the lead-up to the 25 May 2018 implementation date, including on:
- Consent.
- Accountability, governance and security.
- Data portability.
- Data protection impact assessments.
- The right of access and the right to object.
- Automised decision-making and profiling.
- The right to be informed.
The ICO’s consultation on its draft Regulatory Action Policy closes on 28 June 2018.
On 23 May 2018, the Data Protection Bill 2017-19 received Royal Assent to become the Data Protection Act 2018 (DPA 2018). The DPA 2018 ensures that the standards set out in the GDPR have effect in the UK.
For an overview of key GDPR content and compliance resources on Practical Law, see our In-house GDPR toolkit.
Corporate governance reform: secondary legislation and consultation on Large Private Companies Code
Draft secondary legislation set out in the government’s response to the Green Paper on corporate governance reform is expected to be published in June. The secondary legislation will cover:
- Section 172. All private and public companies of a significant size will be required to explain how their directors have had regard to the employee and other non-shareholder interests set out in section 172 of the Companies Act 2006.
- Corporate governance arrangements. All private and public companies of a significant size will be required to outline their corporate governance arrangements in their directors’ report and on their website, including whether they follow any formal code.
- Pay ratios. Quoted companies will be required to report on pay ratios comparing CEO remuneration to average pay in the wider company workforce.
- Outcomes of LTIPs. Quoted companies will be required to provide clearer explanations in their remuneration policies of the possible outcomes of their long-term incentive plans (LTIPs).
The FRC was also expected to launch the new UK Corporate Governance Code in June but publication has been pushed back until July 2018. However, the FRC is expected to launch a consultation on the Large Private Companies Code in mid-June 2018.
Sir John Kingman has recently named the 11 members of the panel who will support him during his review of the FRC. The review will assess the FRC’s governance, impact and powers, to help ensure it is fit for the future, and is expected to be completed by the end of 2018.
The BEIS consultation on corporate governance and insolvency closes on 11 June 2018.
Guidance for businesses on cyber security published
Businesses will welcome guidance published by the National Cyber Security Centre (NCSC) on the security steps that they can take to defend themselves against cyber attacks. These include signing up to the Cyber Security Information Sharing Partnership (a joint industry and government initiative set up to exchange cyber threat information in real time) and following the NCSC’s “ten steps to cyber security”.
Taylor Review and the gig economy
As part of its response to the Taylor Review of Modern Working Practices, the government committed to ensure that employers provide itemise payslips to all workers, not just employees. A new Order confirms this commitment and enables all workers to enforce the right at an employment tribunal. The Order will come into force on 6 April 2019 and will not apply to wages or salary paid in respect of a period of work before this date.
Employment status cases continue to make their way through the employment tribunal system. The Employment Appeal Tribunal recently upheld a tribunal’s finding that a cycle courier working for Addison Lee was a worker, not a genuinely self-employed independent contractor, and was therefore entitled to statutory holiday pay. However, the assessment of employment status will always be highly fact-sensitive and it should not be assumed that all couriers or drivers working in the gig economy will be classed as workers.
Thomson Reuters 2018 GC Leadership Forum
Thomson Reuters is hosting its annual GC Leadership Summit in London on 3 July 2018. This year’s Summit is supported by the GC100 and will be co-chaired by Grant Dawson (General Counsel and Company Secretary at Centrica) and Rosemary Martin (Group General Counsel and Company Secretary at Vodafone).
The focus is the Law Department of the Future and it is targeted at both current and aspiring general counsel and law department leaders. Session themes include how to effectively harness the value of new tools and technology, managing stress and mental health, and identifying legal department KPIs. Book your place.
Trade Secrets Directive to apply in all member states
The Trade Secrets Directive, which is intended to harmonise the treatment of confidential business information in the EU, must be implemented into member states’ national law by 9 June 2018. However, due to Brexit, it is not yet known if the UK government will implement this Directive.
Geneva Act of the Hague Agreement on Industrial Designs comes into effect
The Geneva Act of the Hague Agreement on Industrial Designs comes into effect on 13 June 2018 and will make the Hague system on industrial designs available to UK applicants for the first time. An international application filed under the system can cover up to 100 different designs, and UK design applications can now cover an unlimited number of designs. This international registration system will offer significant cost and time savings to UK applicants.