Data Protection is changing – what you need to know


The mention of data protection might mean that your eyelids start drooping, but try and stay awake long enough to read this article so that you know what to do before 25 May 2018, when the new data protection rules come into force in the UK.

Any business which controls or processes data will need to prepare now to ensure that it will be able to comply with the new EU General Data Protection Regulation (GDPR) and the new Data Protection Act later this year. The new laws require organisations to be more proactive and give more consideration to how and why they store, use and even destroy personal data.

Taking the steps below will ensure that you are not caught out by the changes. Large fines (which could be up to £20m, or even more depending on business turnover) can be imposed for a breach of the new laws.


8 Steps for businesses to prepare for DPA changes

  1. Ensure that your business is registered as a data controller with the Information Commissioner’s Office – all businesses must be registered and failure to register is a criminal offence
  2. Carry out a data audit to identify all personal information held, how it was collected, whether and why it needs to be retained, and what it will be used for in future
  3. Identify whether consent has been given to the use or storage of the personal data you hold and the scope of the consent given (keep a paper trail as evidence of consent) – develop a system for asking for and recording consent in future
  4. Prepare or update and issue “privacy notices” to anyone whose data you control, e.g. staff and contractors – the new laws impose stricter requirements on organisations to inform those whose data they hold about their rights and why they hold the data
  5. Arrange for your data protection policy and code of conduct to be updated and inform staff about the changes
  6. Review contracts to ensure compliance with the new laws – blanket consent in employment contracts will need to be modified and you will need to ensure any organisation processing data on your behalf complies with adequate data protection standards
  7. Devise a data breach response programme as any future significant data breaches must be reported to the authorities within 72 hours
  8. Assign responsibility for data protection compliance to a senior manager and provide relevant training for the responsible person and all other staff in your business.


If you require any further advice or assistance with the above steps, please contact Caroline Banwell.

January 18th, 2018

About the Author:

Caroline Banwell
Caroline Banwell (LL.B. Hons.) trained and worked initially as a solicitor for a major London law firm. She has advised a wide variety of clients from SMEs to multinationals and from small primary schools to Cambridge Colleges. As well as considerable knowledge of the business and education sectors, she has also worked extensively for the charity sector and was recommended in the Charities and Not for Profit section of the 2017 Legal 500 for her work heading the Cambridge office employment team at leading charity and education firm, Stone King. Caroline collaborates with other Cambridge HR consultants on project work from time to time. Caroline gives advice through Harmony HR Solutions Limited as an HR consultant and not as a solicitor and Harmony HR Solutions Limited is not regulated by the Solicitors’ Regulation Authority. Caroline works as a solicitor for Kesteven Partners Limited which is a law firm regulated by the Solicitors’ Regulation Authority.
