Countdown to GDPR

25 May 2017

There is nothing that we lawyers love more than a good old countdown to some new and preferably fear-inducing piece of legislation. So without further ado, there is less than one year to go before the European General Data Protection Regulation (GDPR) comes into force, heralding the most significant change to European data protection law in over 20 years.

It is difficult to think of any organisation (whether a charity or social enterprise, company or public body) that will not be affected by the GDPR. If you process personal data (in the broadest sense) relating to any living EU citizen, the GDPR will apply and you will need to have the necessary processes and systems in place to ensure and demonstrate compliance with it.

“When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don’t have compliance teams or data protection officers. But small organisations often process a lot of personal data, and the reputation and liability risks are just as real.” – Elizabeth Denham, Information Commissioner

The headline news is that if you thought the maximum penalty of £500,000 under the Data Protection Act 1998 was serious, you could now face fines of up to €20 million or 4% of global annual turnover (whichever is greater) for severe breaches and up to €10 million or 2% of global annual turnover (whichever is greater) for other breaches. Certainly fear-inducing, if perhaps unlikely for all but the largest corporations handling personal data on a massive scale.

Shortly, we will be launching our GDPR Hub, providing you with access to clear and pragmatic advice on the key elements of the GDPR and the steps you can take to ensure that you are not caught out on 25 May 2018. To get you started, take a look at our infographic, which summarises the key changes arriving with the GDPR.

If you have not started any GDPR readiness initiative already, you should raise awareness of the GDPR across your organisation and undertake a thorough audit of your data processing practices covering:

  • What personal data you collect
  • How you process and store personal data
  • Whether you have obtained sufficient consent for processing personal data
  • Who processes personal data on your behalf and on what terms
  • How long you keep personal data for and how you delete or destroy it
  • Whether your insurance cover is sufficient
  • Whether your staff are properly trained

Our Data Protection experts are on hand to help. From conducting audits and privacy impact assessments to preparing response plans in the event of a data security breach and providing on-site training, we are able to provide clear and pragmatic advice on this complex area of law.

The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute, legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.
