Data Protection Regulations

Saturday, 24 February 2018 20:43

The introduction of General Data Protection Regulations (GDPR) is the biggest shake-up in data protection and privacy rules in 20 years, and you need to make sure your business is prepared. Here member Charlotte Beeley, Employment Solicitor, for and on behalf of MLP Law, explains.

What employers need to know about the new General Data Protection Regulations

What is GDPR?

Despite Brexit, the UK is going to implement GDPR, which will come into force on 25 May 2018. It is the new regulation covering data protection and the use of personal data by businesses across the EU. It replaces the Data Protection Act 1998.

The regulations will apply to all companies processing personal data, and in particular to those businesses offering goods and services, and monitoring behaviour, within the EU (or in relation to an EU national outside the EU).

The philosophy behind GDPR is that data relating to individuals (Data Subjects) belongs to the individual and not the person controlling or processing the information.


Significant penalties can be imposed on companies for not complying with GDPR, including fines of up to €20 million or 4% of the annual global turnover of the company, whichever is greater. Employers should prepare for the following changes to avoid being subject to the new enforcement penalties.

Privacy Notices

Under GDPR, employers need to provide employees and job applicants with more detailed information in relation to their personal data, such as:

  • How long the data will be stored for;
  • Whether the data will be transferred to other countries;
  • Details on the right to make a subject access request;
  • Information on the right to have personal information deleted or rectified.


GDPR creates more prescriptive requirements for obtaining consent to hold personal data than the Data Protection Act 1998. Companies must get consent from an individual before processing and holding personal data. Any request for consent must be intelligible and easily accessible using clear and plain language.


Should there be a serious breach of personal data under GDPR, a breach notification must be provided to the data protection authority within 72 hours. However, notification does not need to be made if the breach is unlikely to result in a risk to the rights and freedoms of individuals.

Data Protection Officers

A Data Protection Officer (DPO) is a new role created under GDPR. DPOs will have responsibility to maintain certain documentation and to conduct a data protection impact assessment for riskier processing. A DPO must be appointed where:

  • Processing is carried out by a public authority; or
  • There is regular, systematic monitoring of data subjects on a large scale.

The DPO will be the centre of data protection and will be responsible to Data Subjects.

How can employers prepare now?

Co-operation and understanding of the new GDPR within a company is crucial. It will require a combined approach from a number of departments, such as HR, IT and compliance.

From an HR perspective, employers should:

  • Carry out a data audit and assess the current HR data they hold;
  • Review their current privacy notices and update them in order to comply with GDPR;
  • Check if the consent to process data meets the GDPR requirements;
  • Determine whether or not a DPO must be appointed.

Now more than ever Data Protection is a general regulatory duty for all businesses. It is inappropriate to regard it as being a concern of the IT or HR departments. Businesses must also consider personal data that is processed on behalf of customers and third parties, as well as employees.

We are offering bespoke training for businesses on the new General Data Protection Regulations. If you are interested in this or would like to discuss points raised in this blog, then contact us on 0161 926 9969 or by email.

Don't forget to follow our Twitter page @HRGuruUK for regular updates on Employment Law.

MLP Law Limited

7 Market St,
WA14 1QE

Contact: Charlotte Beeley

Successful outcomes for you and your business
