GDPR – Five key changes!

With the deadline of 25th May 2018 just around the corner we thought it was a good time to look at the five key changes surrounding the General Data Protection Regulation, and what these mean in real terms for businesses in the UK.

This is arguably the biggest change. Every business must review all of its processes and ensure that they measure up against the Regulation and that privacy is built in by design. This represents not only a change in the way we handle and store data, but also a change in culture, whereby an understanding of the importance of data protection becomes embedded in the business. There is no single solution or piece of software that will help avoid those hefty fines, but ignoring the Regulation isn't an option either.

The change that is making companies sit up and take note is the increased penalties that the Regulation will usher in. Under the current Data Protection Regulation these sit at a maximum of £500,000. Under the GDPR they will be 20 million Euros or 4% of global annual turnover, whichever is greater.

Duty to report

A major change is the duty to report the loss of, unauthorised disclosure of, or unauthorised access to personal data. The ICO advises that businesses should be preparing now by ensuring they have the roles, responsibilities and processes in place for reporting; this is particularly important for medium to large organisations that have multiple sites or business lines.

Data Protection Officers

Companies with more than 250 employees must appoint a Data Protection Officer who sits at board level. The Data Protection Officer will be the point of contact with the ICO and will monitor, advise and train on compliance. Companies that are not required by legislation to appoint an officer will need to nominate someone in the organisation to understand, and ensure compliance with, the Regulation.

Pre-GDPR, many businesses did not assign responsibility for data protection to an individual or department, and where they did it tended to fall within the remit of IT. Compliance is now a board-level issue, not least because directors will be personally liable for breaches. This change means that protecting personal data is more likely to be embedded in the culture of the organisation.

Conclusion: Smaller businesses are more likely to fall foul of the GDPR, as they do not necessarily have the resources to dedicate to becoming compliant and maintaining compliance. A good place for businesses of any size to start is the ICO's website, and it is certainly worth engaging with a third party who can take you through compliance, recommending solutions that tick the necessary boxes and help you avoid those fines.

Need some comms advice for GDPR?

Then get in touch below and we can help!

Firstcom Europe