There is a lot of buzz at the moment around GDPR (General Data Protection Regulation), perhaps because not many people fully understand this new legislation, but also because it seems to have wide-reaching ramifications for businesses.

What is GDPR?

GDPR could, for some companies, entirely change how they process and control data. However, Elizabeth Denham, the UK’s information commissioner, emphasises that businesses should not listen to scaremongering: “The GDPR is a step change for data protection,” she says. “It’s still an evolution, not a revolution”. For businesses already complying with existing data protection laws the new regulation is only a “step change”.

Our current data protection legislation was written in the 1990s – just think of how much has changed with the upsurge of the internet, smartphones and social media. GDPR will change how personal data can be used by businesses and will be overseen by the ICO (Information Commissioner’s Office).

What’s new?

  1. Reach: companies across the EU will have to comply, as will their subsidiaries outside the EU.
  2. Accountability: companies no longer have to register with the ICO, but the onus is on each business to show that they keep data secure, accurate and up to date; include data protection as part of decision-making; and have processes implemented and checked regularly. ‘High risk’ processing (sensitive data or high risk of loss) will require a Privacy Impact Assessment.
  3. Data breach notifications: businesses must notify the ICO within 72 hours when a breach has occurred which is likely to result in risk to rights and freedoms.
  4. Data Processors: will also have a direct obligation to implement technical and organisational measures; report breaches to the Data Controller (which may be your client); and keep records of processing activities. Businesses may wish to consider Cyber Insurance since most office insurance policies will not cover loss of data.
  5. New rights for people to access the information companies hold about them. These include the right to see the information the company holds, to have their information transferred to another company at no cost, and to have it deleted.
  6. Consent: people must freely give consent (not tied to a reward) in a specific, informed, unambiguous way and must be able to withdraw it at any time.
  7. Increased enforcement powers: there will be maximum fines for a Controller or Processor of up to 4% of annual worldwide turnover or €20M (whichever is greater) for serious and persistent data breaches.

When does GDPR take effect?

GDPR regulations will not be implemented until 25th May 2018. However, companies need to be compliant by that date, and for many there will be lots of work needed, so now is the time to plan!

How should we prepare?

Start preparing for GDPR by taking these initial steps:

  1. Document and review processes and data flows – consider encryption
  2. Update data policies, handbook and notices – consider Cyber Insurance
  3. Staff training
  4. Review and update contracts
  5. Review and update security measures
  6. Carry out data protection audits / risk assessments and test
  7. Sign up to codes of conduct / certifications


BrookStreet des Roches and Riverbank IT seminar, visit Riverbank’s website for more info:

