The introduction of the General Data Protection Regulation will impact most businesses from 25th May 2018

The objective of the regulation is to bring digital accountability to organisations across Europe

When introduced, businesses will have 12 months to become compliant. After this period, substantial fines will be introduced as penalties for organisations that fail to meet the obligations of this legislation.

Despite Brexit, this legislation will affect UK businesses, as the UK will still be part of the EU at the time the legislation comes into force. Once the UK leaves the EU, compliance will still be necessary to trade with companies within EU member states.

Data - on loan

To understand the principles behind GDPR, you need to consider that any data that you hold has been loaned to you by the owner, and they are in control of who has it and what they do with it. Consent must be freely given for the use of any personal data, and the purpose of that use must be made clear.

Protecting personal information

The EU GDPR directive, which comes into force on the 25th May 2018, aims to protect privacy and personal data, with clear penalties for those who fail to comply with the legislation, including fines of up to €20 million or 4% of turnover for the preceding financial year, whichever is greater.

Data responsibility

Overall, the scope of GDPR is greater than the Data Protection Act, and it is easier to define the point when a breach occurs. More responsibility is placed on the holder and processor of data, and full control is firmly with the owner of the data.


What does the GDPR mean to you?

It is likely to impact:

  • Marketing data and activities

  • HR management

  • Website visitor logging

  • Network security

  • Data storage

  • Insurance

How will Brexit impact GDPR?

When the directive comes into force in May 2018, the UK will still be governed by EU regulations. At a point when the UK leaves the EU, the GDPR directive will be used by the UK as a base for writing a replacement data protection directive. What's more, if UK organisations intend to trade with EU organisations, they will need to adhere to the GDPR, so this matters to most businesses regardless of Brexit.

Official ICO resources

The Information Commissioner's Office publishes a thorough guide and online information explaining the new regulation. It is intended to cover the scope of the legislation and is written in non-technical terms.

A PDF version can be downloaded from the ICO website here 

The guide includes:

  • Key definitions

  • Data protection principles

  • Access request obligations

  • Personal preferences regarding receipt of marketing information

  • Keeping data up to date

  • Compensation

  • Security

  • Processing conditions

  • Exemptions

  • Complaints handling

  • Data management 


To find out more, come to one of our informational events.

We will explain more about the impact of this legislation, discuss the practical steps to help with compliance and provide useful insights into the challenges of the GDPR.

Click here to find a local event