
Is Your Business Ready For The General Data Protection Regulation?

Baines Wilson expert Tom Scaife

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will apply to EU organisations and any company offering goods, services or marketing to EU citizens.

The new rules will build upon current privacy regimes, including the Data Protection Act 1998, and aim to strengthen individuals' rights with regard to their personal data.

Data protection is no longer a tick-box compliance task, with an increasing number of companies finding their way into the mainstream media due to data breaches. Such exposure can damage reputation. 

The driver behind the GDPR is to create a culture change where organisations are forced to think about how they would want their own personal information processed and to adopt this attitude when handling customer, employee and other personal data. The GDPR introduces a principle of accountability as a freestanding principle, requiring businesses to take a more proactive and answerable approach towards compliance. 

Whilst many of the GDPR’s main concepts are the same as the existing Data Protection Act, there are new elements and significant enhancements, so there will be new principles that businesses will have to grapple with for the first time.

Any business which is in breach of the new GDPR could face significant fines of up to €20m or 4% of the organisation’s global annual turnover, whichever is higher. 

Preparing for the GDPR

Businesses can start planning for the implementation of the GDPR by following these top tips: 

•    Understand that the GDPR will significantly change data protection law in the UK when it comes into force.

•    Ensure that the senior management team in your business understand the sanctions under the GDPR. Obtain external training for GDPR awareness and compliance at a senior level.

•    Document what personal data you hold, where it came from and who you share it with. You may want to organise an information audit across your business. 

•    Review your current privacy notices and identify high risk areas in existing data processing – under the GDPR there will be some additional things you will have to disclose, such as the lawful basis for processing data.

•    Be aware of changes to obtaining consent to process employee data and a greater focus on the legal basis for processing data. You should review how you seek, record and manage consent and whether you need to make any changes.

•    You should check your procedures to ensure they cover all the rights individuals have. On the whole, the rights individuals have under the GDPR are the same as those under the existing Data Protection Act, so if your procedures are in place now, the switch should be relatively easy.

•    There will be new record keeping obligations for employers to demonstrate compliance with GDPR requirements. Ensure that your business has transparent internal data protection policies which are endorsed by the senior management team.

•    Your business may want to consider appointing a GDPR compliance co-ordinator or team to implement a compliance plan.

•    If your business operates in more than one EU member state, you should determine your lead data protection authority – this will be in the country where your head office/main business premises are. 

•    Begin to develop a timeline to implement GDPR compliance. The GDPR will become law on 25 May 2018 and this is a hard deadline: your business will need to be compliant from day one.

The GDPR and Brexit 

Brexit isn’t going to save you! The UK will still be a member of the EU when the GDPR comes into force on 25 May 2018 and the Government intends to implement it. 

Even after the UK exits from the EU, the GDPR will still apply to organisations established in the EU, and to organisations established outside the EU that process personal data of individuals in the EU in order to offer goods or services or to monitor the behaviour of individuals.

It is also likely that the UK will seek to maintain data protection legislation similar to the GDPR after leaving the EU. 

If you require any advice on the new GDPR please contact Joanne Holborn, Tom Scaife or Caroline Rayner on 01228 552600/01524 548494. 
