The clock is ticking. Are you ready for GDPR?


In our previous articles we addressed the impact of the General Data Protection Regulation (“GDPR”) for businesses that use or handle personal data. GDPR is a significant change affecting almost every business but the impact will be different depending on the nature and size of the business - there is no “one size fits all” solution.

GDPR comes into force on 25 May 2018 so it’s not far away. However, becoming GDPR compliant is not the end of the story. As each business evolves it will need to regularly monitor its compliance to make sure it continues to meet its legal obligations.


With the deadline approaching you should by now have taken steps to review and, where necessary, upgrade your existing data protection policies, procedures and processes.



Key Steps – Data Audit


By now many of you will have carried out a data privacy audit and prepared a compliance programme based on your gap analysis. Your audit should have enabled you to identify the personal data you collect and how it is used, shared, stored, amended and deleted.

Having reviewed a number of audits, we have found some key issues that every business should have in mind. These are as follows:


Key Issues


  • Does the size of your business and the volume of personal data it deals with justify appointing a data privacy team and, importantly, a Data Privacy Manager/Data Protection Officer?
  • Has there been a thorough review and testing of your cyber security?
  • Are your commercial contracts up to date in so far as they reference personal and sensitive data issues?
  • Are your data privacy policies and procedures up to date? Don’t forget your Staff Handbook, as staff are expected to know what their responsibilities are and how they should deal with data breaches and access requests – even the obvious needs to be stated.
  • Are your data consent forms and privacy notices up to date? Do you have a privacy notice which can be accessed from your website?
  • Have you implemented a training programme for staff, and especially bespoke training for leaders, managers and specific roles? They all need to know what is expected of them.
  • Have you put in place key documents such as your Data Inventory Record, FAQs for staff and a Data Risk Assessment?

If it helps, we have designed a GDPR Data Health Check Questionnaire which will help you through the questions listed above and many others. From this you should be able to design a compliance programme that meets the needs of your business; one size does not fit all. If you would like a free copy of our questionnaire please email Noel Ruddy.


However, it’s not all about GDPR!


Those businesses which undertake marketing by phone, email, text or fax, or use cookies or similar technology, will need to get to grips with the new ePrivacy Regulation which will replace the current Privacy in Electronic Communications Regulation (“PECR”) later this year. The new Regulation complements GDPR. Its aim is to create uniformity across the single digital market. However, whilst the new Regulation aims to simplify rules regarding the use of cookies (there will be no more cookie consent pop-ups), browser settings will now be required to give website visitors the option to accept or refuse cookies so that there is no confusion for individuals exploring websites. It’ll be interesting to see in due course how legislators will deal with the many concerns raised by the online media industry.


It’s also worth bearing in mind the new Data Protection Bill, which is currently making its way through Parliament. The Bill will ultimately replace GDPR (as well as making further changes and additions). The date it will come into effect has not yet been confirmed. We will have fun working out when it will apply when we leave the EU!


ICO Annual Fee


On a final note, the ICO annual fee is changing with effect from 25 May 2018. From that date there are tiers which determine the fee in terms of turnover or staff, whichever is higher. If you fail to pay the correct fee it can result in a minimum penalty of £4,350 being incurred. There could be other adverse repercussions too!



If you wish to discuss any privacy aspect please feel free to contact any of our GDPR team who will be able to assist and guide you.



Noel Ruddy Bhavna Patel Ian Lindley Laura Sutton

The content of this webpage is for information only and is not intended to be construed as legal advice and should not be treated as a substitute for specific advice. PDT Solicitors LLP accepts no responsibility for the content of any third party website to which this webpage refers.
