Only a year to go before GDPR - Carson McDowell advises on steps to take to get ready.

11 May 2017


Interest in data protection compliance is increasing, with only 12 months to go until the largest reform in Data Protection Law, the General Data Protection Regulation (‘GDPR’) comes into force. For the past 4 years the regulation has taken shape as it has passed through the European Institutions but the implementation date always seemed so far away. Now it is only 12 months away.

The GDPR will apply in the UK from 25th May 2018 and the UK Government has confirmed that Brexit will not impact on the commencement date.

If your organisation has started on the journey of understanding what the requirements of the GDPR are, well done If you haven’t, don’t panic. Now is the perfect time to take action. The ICO have produced a really helpful 12 steps to take now guide.

If that still feels like too much we would suggest you take a really simple approach to preparing for the GDPR: -

  • Think about the personal information used by your organisation. Where do you keep the information, how is it used and how long do you keep it for? You can’t start to comply with the changes if you don’t understand the personal information which your organisation holds;
  • Start to think about your staff. Have your staff had Data Protection training and do they need any further training? Are all staff aware that changes are coming down the line?; and
  • Think about your IT systems and make sure you have the right systems in place to keep information secure, to detect, notify and investigate that personal data breach is if one occurs.

Once you have completed these three steps you will be in a much better position to properly address the reasonable and proportionate steps required by your organisation to ensure you comply with the changes brought in by the GDPR. If you would like any further information or advice, please do not hesitate to contact one of the Information Law Team at Carson McDowell.