Much has been made of the complexities of complying with GDPR. In reality, however, most businesses can achieve compliance through some common-sense business practices and a written policy relevant to their business.

What is GDPR

The General Data Protection Regulation (GDPR) came into effect in May 2018 and the relevant UK legislation is the Data Protection Act 2018.

GDPR imposes certain obligations on companies and other organisations that process personal data relating to individuals. The majority of businesses will have to comply with GDPR, which requires adjustments to business processes, documents and cultures.


Ongoing GDPR Compliance

GDPR is not a tick-in-the-box exercise; the Information Commissioner's Office (ICO) requires organisations to implement a culture change and develop processes and policies that embed GDPR principles throughout the organisation.

It is recommended that organisations review and, if necessary, update their GDPR policy (privacy policy) at least once a year. GDPR legislation is still in its infancy, so it is important to keep up to date with any case law and new guidance provided by the ICO and to ensure your business policies and procedures are amended accordingly.

The ICO website is very helpful, and we recommend that all businesses refer to it and check whether they need to register with the ICO.