
Getting ready for GDPR

Newsletter issue - October 2017.

The new General Data Protection Regulation (GDPR), which will replace the existing Data Protection Act (DPA), takes effect from 25 May 2018. UK organisations that process the personal data of EU residents need to ensure systems are in place by then to enable compliance with new requirements.

The GDPR is more extensive in scope and application than the current DPA. The Regulation extends the data rights of individuals, and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures.

The GDPR introduces a number of key changes for organisations including:

  • the definition of personal data is being widened, which in turn will bring more data within the regulated perimeter
  • parental consent will be required for processing personal data of children under 16
  • revised rules for obtaining valid consent
  • mandatory appointment of a data protection officer (DPO) for certain companies
  • mandatory data protection impact assessments
  • new requirements for data breach notifications
  • new restrictions on international data transfers
  • new requirements for data portability

The government has confirmed that the UK's decision to leave the EU will not affect the commencement of the GDPR. Enforcing GDPR in the UK will be the responsibility of the Information Commissioner's Office (ICO).

The GDPR applies to 'controllers' and 'processors'. The definitions are broadly the same as under the DPA - i.e. the controller says how and why personal data is processed and the processor acts on the controller's behalf. Organisations that are currently subject to the DPA are also likely to be subject to the GDPR.

Tough penalties can be imposed for non-compliance - organisations found in breach of the Regulation may be fined up to 4% of annual global turnover or 20m euros, whichever is the greater.

Further information on the GDPR, including details of the compliance requirements, can be found on the ICO website.
