How will GDPR affect UK organisations?

November 4th, 2016   


In the first of our GDPR blog series, we looked at why the data protection legislation is changing.

In this, our second article, we will delve into how the new law will affect organisations in the UK.

The Information Commissioner’s Office (ICO) is the UK governing body for Data Protection. The ICO advises that all organisations start to prepare themselves for the GDPR implementation now.

Greater consistency of record keeping will be required and there will be stricter and more consistent enforcement procedures.


Organisations across the EU will need to meet a more harmonised set of compliance requirements. As a snapshot, these include:

  • Data breach reporting: Organisations will need to inform data subjects and the ICO about data breaches within 72 hours.
  • Significant new fines: Maximum fines will be dramatically increased from the current maximum of less than €1 million to €20 million, or 4% of annual global turnover per breach.
  • Data Protection Officers: Most businesses will have to formally appoint an independent Data Protection Officer.
  • Personal Data of Children: Businesses will have to obtain parental consent to process the personal data of children under 16 years old.

In short, the reality is that organisations need to consider GDPR as a priority.

In the next of our three-part GDPR blog series, find out whether UK organisations are, in fact, ready for the change.

For more information on how GDPR may affect your organisation and how we can help, contact our Services team here.