Making sure you are GDPR ready

Fleur Lewis is a partner at Bishop Fleming Accountants

The General Data Protection Regulations (GDPR) became law on May 25 2018, so it is important to check how these new rules may affect your organisation.

GDPR is a new Europe-wide data protection law designed to offer greater protection around the use and storage of personal data. The rules affect any organisation that handles personal data.

The fact the UK is leaving the European Union in March 2019 does not affect the position, as the government has brought GDPR into UK law.

If your organisation asks for, receives or holds personal information from others (for example the email addresses of your customers and staff), then GDPR applies.

The new regime will be regulated by the Information Commissioner’s Office (ICO), which will investigate breaches of personal data and impose fines on organisations that do not adhere to the rules.

Where to find information

Clear and straightforward guidance on how to comply with the rules can be found on the ICO’s website ( then choose the GDPR option).

The key issue for businesses that collect personal data is the requirement to show how and when they obtained explicit consent for the information they hold from the individuals concerned.

Right of access
Individuals will be able to request, free of charge, a copy of their personal data that is being processed. A ‘reasonable fee’ can be charged for additional copies.

Data breaches
Businesses will have to notify the Information Commissioner’s Office within 72 hours of a data breach taking place if the breach risks the rights and freedoms of an individual. In cases where there is a high risk, businesses must also notify the individuals affected.

The Information Commissioner has new powers to regulate the protection of data, including the ability to issue fines of up to £17m or 4% of an organisation’s global turnover for serious breaches of data. Organisations also face unlimited fines where they intentionally or recklessly identify individuals from anonymised data.

However, the good news is that the ICO has made clear that enforcement is a last resort. Hefty fines will be reserved for those organisations that persistently, deliberately or negligently flout the law.

Action points
Firms will have to record what personal and personally sensitive information they hold in manual and electronic files, along with who is responsible for that data and policies on storage and deletion.

A risk assessment may be required where the processing of information is considered to be on a large scale or risky.

Fleur Lewis
