August 17, 2017

GDPR: Are you ready?

After four years of wrangling, the EU’s General Data Protection Regulations come into effect from 28 May 2018. That gives everyone affected less than a year to make sure they are ready for the changes, and that they comply with the letter of the law.

Currently, the UK has the Data Protection Act 1998 in force. This, however, will be superseded by the new GDPR regulations, which bring bigger fines for non-compliance and give people a greater say over what information is retained by companies and what they do with that data. The GDPR is also designed to unify data protection regulations across the EU.

But aren’t we leaving the EU?

We are, but because the GDPR comes into force before we shut the door and return the keys, it will still apply even after we’ve left. That means you must comply, whether you’re a Remainer or a Brexiteer.

What do I have to do under GDPR?

Firstly, make sure everyone in your organisation is aware of the changes, especially key decision-makers and those directly responsible for collating and managing data.

Make sure you have a record of the kind of data you hold, where you got that data from, and who you share it with. That may mean an information ‘audit’ that also checks on your processing activities and how you log the use of data stored. Suppose you have inaccurate data that has been shared with other organisations. In that case, you must tell them about the inaccuracies so that data can be corrected downstream and within your own organisation.

You will need to review your privacy notices and plan any changes that may need to be added. Under the new regulations, you must:

  • tell people who you are and how you intend to use their data,
  • demonstrate that you have a lawful basis for processing their data,
  • explain how long you will hold that information, and
  • inform individuals that they can complain to the ICO if they are unhappy with how you handle their data.

Check the ICO’s Privacy notices code of practice for more information.

Individuals’ rights under GDPR

Most importantly, you must make sure that your procedures uphold the rights of individuals whose data you hold. The new GDPR means that individuals have:

  • the right to be informed what data is being held about them;
  • the right to access that information;
  • the right to ensure any mistakes are rectified and corrected;
  • the right to have information that is not relevant erased;
  • the right to restrict the way the data is processed;
  • the right to object to having their data held; and
  • the right not to be subject to automated decision-making, including profiling.

An additional right is the right to data portability, which only applies to personal data provided by an individual, where processing is based on the individual’s consent for the performance of a contract, and when automated methods carry out the processing.

These procedures are key to compliance with the new regulations, so it’s vital that you check you’re up to date before 28 May 2018.

Access to data under GDPR

One of the most important procedure changes concerns access to data. You now have a month rather than 40 days to comply with a request, and you cannot charge (in most cases) for doing so. If you refuse a request for data access, you must provide a valid reason.

You must also identify the lawful basis for your data processing activity and update your privacy notice to explain it clearly.

Protection for Children under GDPR

For the first time, the new GDPR rules include special protection of children’s personal data, particularly for social networking. If data is to be collected on children under the age of 16, then parental or guardian consent must be sought first.

Data breaches – what to do if your data is hacked

Hacking is a huge issue, and personal data protection is key. Some organisations are already required to notify the ICO and other bodies (such as the Police) if there is a data breach. The new legislation introduces a duty of care on all organisations and even individuals to report data breaches to the ICO if there is a possibility that the exposure of personal information could lead to financial or personal damage, discrimination, or damage to reputation. It’s time for all companies to take cyber security seriously, especially regarding the personal details of customers, clients, or even patients.

If you’re unsure as to how the new regulations may affect your business, talk to an expert. They will be able to review your current policies and procedures and recommend where you can make changes to ensure you comply with the new regulations. Remember, you only have until 28 May 2018 to prepare for GDPR, so acting now is important.

Speak to data specialist Karen Cole today.

Note: This is not legal advice; it provides information of general interest about current legal issues.
