Machins Solicitors LLP

General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) creates a wider definition of personal data than the Data Protection Act and became enforceable on 25th May 2018. It covers all organisations in the public, private and non-profit sectors and applies throughout the EU and beyond, even where the business itself is not based in the EU.

Does the GDPR apply to my business?

If your business processes personal data (i.e. any data relating to a data subject and from which he/she can be identified) within the EU, your business should take steps to comply with the GDPR. Processing could take the form of collecting personal data via an enquiry form on your website, using email marketing to target new customers or communicate with existing clients, or outsourcing your payroll or pension provision. In practice, most businesses will, in some way or other, be processing personal data. Your business needs to have evidence in place that it is complying with the GDPR. That can only be done by having the necessary policies, procedures and training in place to ensure that you are taking steps to comply with the principles of the GDPR as set out below.

Principles of the GDPR

Under the GDPR, personal data must be:

It is also worth noting some of the wider-ranging changes compared with the current Data Protection Act:

What should businesses be doing?

If you already comply with the Data Protection Act then you have a starting point for compliance with the GDPR and you may be familiar with some of the language used. In terms of the practical points of what you should be doing, we suggest the following:

Our corporate commercial team can help provide practical advice and support to ensure your business is fully GDPR compliant.