Compliance: GDPR compliance step plan
January 4, 2018

On 25 May 2018 the GDPR comes into effect bringing about the biggest change to data protection laws in over 20 years.

So significant are the changes introduced by the new law that organisations have been given a ‘two year lead-in period’ to ensure that they have sufficient time to bring their processes and systems in line with the new requirements before the 2018 deadline.

With increased media coverage driven by the threat of a headline-grabbing €20m cap on fines, awareness that there is change on the horizon is growing. However, many organisations remain unclear as to what action they need to take, or have underestimated the extent of the work required to update their compliance strategies. Others have put their plans on hold in light of the Brexit vote. With less than a year to go, and clear confirmation that the GDPR will apply regardless of Brexit, organisations are starting to find themselves on the back foot.

The Compliance Step Plan below is designed to assist those who want to know what practical steps they should be taking over the next year to ensure they are ready for the GDPR.

  1. Pick your project team: the work needed to ensure compliance with the GDPR is onerous, time consuming and requires knowledge of every part of the business, so try not to put all the responsibility on one person. Ideally your project team should include representatives from marketing, HR, customer services and IT.
  2. Audit your data: to achieve compliance you need to know what data you hold, where it comes from, what you do with it, where you keep it, who you share it with and what happens to it when it is no longer needed.
  3. Update your fair processing notices: whether you refer to them as FPNs, privacy policies, data protection statements or something else entirely, the information that you give to individuals when you collect their data will need to be updated to meet the new information standards in the GDPR.
  4. Review your consent mechanisms: under the GDPR you must meet a higher standard of consent and record how and when consent was obtained, all of which will require some updating to your current systems. Think about whether you actually need to get consent for a particular processing activity at all; remember that there are plenty of other legal grounds for processing such as contractual necessity and legitimate interests which you may be better off relying on instead.
  5. Streamline your SAR process: the GDPR reduces the time for providing a response to a Subject Access Request from 40 days to one month (and abolishes the £10 fee).
  6. Don’t forget the new rights: individuals have new rights under the GDPR, specifically the right to be forgotten and the right to data portability. You need to ensure you understand what these rights involve and how you will comply with them.
  7. Record your processing: from May 2018 you will no longer have to register with the ICO, but you must keep a written record of your processing activities, security measures and data retention practices instead.
  8. Review your contracts: if you appoint someone to undertake data processing on your behalf (e.g. outsourcing payroll) you will need to have written contracts in place containing certain prescribed clauses. Bear in mind that there are specific requirements around international data transfer if your data processor is based, or uses servers located, outside of the EEA.
  9. Appoint a Data Protection Officer: for many organisations this will be a mandatory requirement under the GDPR.
  10. Update your breach procedures: from May 2018 mandatory breach reporting will begin. Most breaches must be notified to the ICO within 72 hours and you must keep a full internal breach register.
  11. Be designed to comply: the GDPR introduces the concept of data protection by design. You need to ensure you are familiar with the concept and understand what it means for your business in practice.
  12. Train your staff: staff awareness is absolutely crucial to compliance. Different staff members will require different training depending upon their role and responsibilities, but all staff will require some basic awareness training around the GDPR at the very least.

To request a copy of our free GDPR Compliance Guide, email [email protected]. Details of our data protection training courses can be found here.

The content of this article is for general information only. For further information regarding the GDPR, please contact Kitty Rosser or a member of Birketts’ Corporate and Commercial Team.

This article is from the January 2018 issue of Upload, our monthly newsletter for professionals with an interest in technology. To download the latest issue, please visit the newsletter section of our website. Law covered as at January 2018.

To keep up-to-date with the latest news, legal updates and seminar information, please register and select the areas that are of interest to you.

Kitty Rosser


The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at January 2018.
