What is General Data Protection Regulation (GDPR)?

GDPR Compliance - are you ready?

On the 25th May 2018 the General Data Protection Regulation came into effect and became law. It affects all businesses, meaning that we must all comply with the new legislation and meet its requirements. It is a European law and includes the UK; it will remain in place even once we leave the EU.

The GDPR has been brought in to reflect more modern times, including the electronic processes we use to collect and store data. It is also intended to give individuals greater control over their own personal data. However, it is not just for those who use modern technology: the law affects any business which uses a highly structured filing system, in short any setting that needs to process and store personal data as part of its responsibilities. Personal data includes any information which can identify a person, such as names, addresses, dates of birth, invoices and e-mail addresses.

The GDPR Principles.

All businesses have a responsibility to ensure that they are gathering and processing data mindful of the rights of the “owner” of that data. They must ensure that the data is valid and processed with care, and that all due care and attention is paid to securing every element of the data processing chain.

Lawfulness of Processing Data.

All consent to collect or store data must be freely given, should be unambiguous and can be withdrawn at any time. Because consent must be freely given, pre-ticked boxes can no longer be used; people must now be able to opt in rather than opt out.

Any data collected must fall into one of the 6 Lawfulness of Processing Data categories (see above). If it does not, you can ask for explicit consent, which can be withdrawn at any time. Of course there will be some Acts which we must adhere to over and above GDPR, e.g. the Children’s Act.

Businesses are obligated to notify the ICO of a data breach within 72 hours of becoming aware of the breach. It is understood that fines are in place for failing to follow the correct procedures after a data breach.

There is help at hand!

I am in no way a GDPR expert. There are rules and regulations on how websites should be built in order to comply with the new EU GDPR legislation, but websites are just one piece of your business puzzle. You may be able to get advice or suggestions from fellow business colleagues, your accountant or maybe your solicitor, but there is nothing like getting clear, definitive information from an expert.

In order to undertake our own GDPR audit and compliance activities, I was fortunate to be signposted to a lady called Suzanne Dibble. Suzanne is a multi-award-winning business lawyer who advises multinationals on data protection law and GDPR.

The Legal Services Board and the Law Society have heralded her innovative approach to helping small business owners with complex regulations and her approach to aiding businesses towards their own GDPR compliance has been of huge benefit to all who have come across her.

There has been a lot of scaremongering and hype about GDPR (with the headline fines of 20m), but Suzanne’s practical, balanced approach and her templated pack make the whole process much clearer and more straightforward.