Data Protection Regulations

Saturday, 24 February 2018 20:43

The introduction of General Data Protection Regulations (GDPR) is the biggest shake-up in data protection and privacy rules in 20 years, and you need to make sure your business is prepared. Here member Charlotte Beeley, Employment Solicitor, for and on behalf of MLP Law, explains.

What employers need to know about the new General Data Protection Regulations

What is GDPR?

Despite Brexit, the UK is going to implement GDPR, which will come into force on 25 May 2018. It is the new regulation covering data protection and the use of personal data by businesses across the EU. It replaces the Data Protection Act 1998.

The regulations will apply to all companies processing personal data, and in particular to those businesses offering goods and services and monitoring behaviour within the EU (or in relation to an EU national outside the EU).

The philosophy behind GDPR is that data relating to individuals (Data Subjects) belongs to the individual and not the person controlling or processing the information.


Significant penalties can be imposed on companies for not complying with GDPR, including fines of up to €20 million or 4% of the annual global turnover of the company, whichever is greater. Employers should prepare for the following changes to avoid being subject to the new enforcement penalties.

Privacy Notices

Under GDPR, employers need to provide employees and job applicants with more detailed information in relation to their personal data, such as:

  • How long the data will be stored for;
  • Whether the data will be transferred to other countries;
  • Details on the right to make a subject access request;
  • Information on the right to have personal information deleted or rectified.


GDPR creates more prescriptive requirements for obtaining consent to hold personal data than the Data Protection Act 1998. Companies must get consent from an individual before processing and holding personal data. Any request for consent must be intelligible and easily accessible using clear and plain language.


Should there be a serious breach of personal data under GDPR, a breach notification must be provided to the data protection authority within 72 hours. However, notification does not need to be made if the breach is unlikely to result in a risk to the rights and freedoms of individuals.

Data Protection Officers

A Data Protection Officer (DPO) is a new role created under GDPR. DPOs will have responsibility to maintain certain documentation and to conduct a data protection impact assessment for riskier processing. A DPO must be appointed where:

  • Processing is carried out by a public authority; or
  • There is regular, systematic monitoring of data subjects on a large scale.

The DPO will be the centre of data protection and will be responsible to Data Subjects.

How can employers prepare now?

Co-operation and understanding of the new GDPR within a company is crucial. It will require a combined approach from a number of departments, such as HR, IT and compliance.

From an HR perspective, employers should:

  • Carry out a data audit and assess the current HR data they hold;
  • Review their current privacy notices and update them in order to comply with GDPR;
  • Check if the consent to process data meets the GDPR requirements;
  • Determine whether or not a DPO must be appointed.

Now more than ever Data Protection is a general regulatory duty for all businesses. It is inappropriate to regard it as being a concern of the IT or HR departments. Businesses must also consider personal data that is processed on behalf of customers and third parties, as well as employees.

We are offering bespoke training for businesses on the new General Data Protection Regulations. If you are interested in this or would like to discuss points raised in this blog, then contact us on 0161 926 9969 or by email.

Don't forget to follow our Twitter page @HRGuruUK for regular updates on Employment Law.

MLP Law Limited

7 Market St,
WA14 1QE

Contact: Charlotte Beeley

Successful outcomes for you and your business
