GDPR, General Data Protection Regulation


Since the ‘Millennium Bug’ it has felt like there is always an event or new piece of legislation coming down the pipeline which is set to have a major impact on all businesses or shake up a particular sector. Having only just caught our breath after Auto Enrolment, we are now presented with GDPR (General Data Protection Regulation), which comes into force in 2018 and which is commanding significant column inches in the press.

For those of you not aware of GDPR, it is likely to touch most businesses because it is primarily concerned with the storing and use of data – securely and with full permission from the individual concerned. Like Y2K, Auto Enrolment and RTI for payroll, there are many early runners on GDPR; consultancies and businesses making much of the risks, penalties and fines that may be incurred for non-compliance and there is an awful lot of misinformation already doing the rounds. You could also make a full-time job of attending GDPR seminars, as each sector tries to put its spin on the subject and explain how they can help you.

From our perspective, as ever, we want to provide sound and well-considered guidance. So, over the next few months we are going to seek to distil the detail and help you prepare by providing relevant and timely information.

To get you started here are the headline facts:

  • GDPR does need to be considered by every company
  • The effective date is 25th May 2018 in the UK
  • GDPR is an EU regulation but the UK Government has confirmed it will be adopted fully, regardless of Brexit outcomes
  • Bigger companies or those holding/dealing with significant data volumes need to act sooner as the impact is likely to be bigger on them
  • GDPR goes deeper than previous data protection rules and considers things like licence dates for data use, explicit permission and the secure storage of confidential waste
  • GDPR increases the maximum fine that can be levied by the ICO (Information Commissioner's Office) from the current £500k to either €20m or 4%. The biggest fine handed out by the ICO to date is £400k and many are scaremongering with these new maximum limits

If you are concerned about the potential impacts on your business, please contact us in the first instance. We will be working with our network of contacts up to the effective date to provide introductions where necessary and to supply information via the Insider newsletter about the reality of GDPR implementation.