Data Protection Regulations

Saturday, 24 February 2018 20:43

The introduction of General Data Protection Regulations (GDPR) is the biggest shake-up in data protection and privacy rules in 20 years, and you need to make sure your business is prepared. Here member Charlotte Beeley, Employment Solicitor, for and on behalf of MLP Law, explains.

What employers need to know about the new General Data Protection Regulations

What is GDPR?

Despite Brexit, the UK is going to implement GDPR, which will come into force on 25 May 2018. It is the new regulation covering data protection and the use of personal data by businesses across the EU. It replaces the Data Protection Act 1998.

The regulations will apply to all companies processing personal data, and in particular to those businesses offering goods and services and monitoring behaviour within the EU (or in relation to an EU national outside the EU).

The philosophy behind GDPR is that data relating to individuals (Data Subjects) belongs to the individual and not the person controlling or processing the information.


Significant penalties can be imposed on companies for not complying with GDPR, including fines of up to €20 million or 4% of the annual global turnover of the company, whichever is greater. Employers should prepare for the following changes to avoid being subject to the new enforcement penalties.

Privacy Notices

Under GDPR, employers need to provide employees and job applicants with more detailed information in relation to their personal data, such as:

  • How long the data will be stored for;
  • Whether the data will be transferred to other countries;
  • Details on the right to make a subject access request;
  • Information on the right to have personal information deleted or rectified.


GDPR creates more prescriptive requirements for obtaining consent to hold personal data than the Data Protection Act 1998. Companies must get consent from an individual before processing and holding personal data. Any request for consent must be intelligible and easily accessible using clear and plain language.


Should there be a serious breach of personal data under GDPR, a breach notification must be provided to the data protection authority within 72 hours. However, notification does not need to be made if the breach is unlikely to result in a risk to the rights and freedoms of individuals.

Data Protection Officers

A Data Protection Officer (DPO) is a new role created under GDPR. DPOs will have responsibility to maintain certain documentation and to conduct a data protection impact assessment for riskier processing. A DPO must be appointed where:

  • Processing is carried out by a public authority; or
  • There is regular, systematic monitoring of data subjects on a large scale.

The DPO will be the centre of data protection and will be responsible to Data Subjects.

How can employers prepare now?

Co-operation and understanding of the new GDPR within a company is crucial. It will require a combined approach from a number of departments, such as HR, IT and compliance.

From an HR perspective, employers should:

  • Carry out a data audit and assess the current HR data they hold;
  • Review their current privacy notices and update them in order to comply with GDPR;
  • Check if the consent to process data meets the GDPR requirements;
  • Determine whether or not a DPO must be appointed.

Now more than ever Data Protection is a general regulatory duty for all businesses. It is inappropriate to regard it as being a concern of the IT or HR departments. Businesses must also consider personal data that is processed on behalf of customers and third parties, as well as employees.

We are offering bespoke training for businesses on the new General Data Protection Regulations. If you are interested in this or would like to discuss points raised in this blog, then contact us on 0161 926 9969 or by email.

Don't forget to follow our Twitter page @HRGuruUK for regular updates on Employment Law.


MLP Law Limited

7 Market St,
WA14 1QE

Contact: Charlotte Beeley

Successful outcomes for you and your business
