GDPR compliance planning

The following Risk & Compliance guidance note provides comprehensive and up-to-date legal information covering:

  • GDPR compliance planning
  • Does the GDPR apply to your business?
  • What data is covered by the GDPR?
  • ICO fees
  • Is your business GDPR compliant?
  • Awareness
  • Data mapping
  • Data protection officer
  • Role of data processors
  • Consent

Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it continues to be treated by the EU as a Member State for many purposes. The UK must continue to adhere to its obligations under EU law, including in relation to data protection, and the ICO has confirmed the GDPR will continue to apply during the implementation period. For more information, see: Practice Note: Brexit—implications for data protection.

The EU General Data Protection Regulation (GDPR), in force in the UK from 25 May 2018, represents the first major overhaul of data protection law in 20 years, during which time technology and the use of personal data have changed beyond all recognition.

The challenge of complying with the GDPR should not be underestimated, nor should the consequences of failing to do so—the potential for fines of €20 million or 4% of annual global turnover.

Does the GDPR apply to your business?

The GDPR applies to all EU organisations that handle personal data. As it is virtually impossible to operate a business without handling personal data, it's probably safe to assume your organisation is caught by the GDPR.

The GDPR also applies to organisations outside the EU that offer goods or services to individuals in the EU. This represents