How GDPR Will Affect Your Business

For those who are unaware of what GDPR stands for, it means General Data Protection Regulation. GDPR is an EU regulation (Regulation (EU) 2016/679) that replaces the Data Protection Directive (95/46/EC). It intends to strengthen and unify data protection for individuals across the EU and to give them more control over their personal data.
The regulation was adopted in April 2016 and becomes enforceable on 25 May 2018. It affects any business that is established in the EU, or that offers goods or services to, or monitors the behaviour of, individuals in the EU, regardless of where the business itself is based.
As part of the change in law, organisations must implement appropriate technical and organisational security measures to protect the personal data they hold. Failure to do so can attract fines of up to €20 million or 4% of the company's worldwide annual turnover, whichever is higher.
In an era where almost every business and organisation handles sensitive client data, most are unaware of data protection laws and especially of this change in the law.
Companies and organisations are advised not to take the change in law with a pinch of salt. Verizon's 2016 Data Breach Investigations Report states: "no locale, industry or organisation is bulletproof when it comes to the compromise of data", hence it is vital that organisations understand their new obligations so that they can prepare accordingly.

Why it affects your business

Any business or organisation in the UK that collects or processes personal data will be affected by the change. Under the regulation, personal data means any information relating to an identified or identifiable individual: an email address, a name, a postal address or phone number, financial or medical information, social media posts, photographs, and even a computer's IP address or other online identifier.

Accountability and Governance

According to the Information Commissioner's Office, the new accountability principle requires organisations not only to comply with the regulation but to be able to demonstrate that they do so. Responsibility for this sits with the organisation as data controller, which in practice means its directors and senior management must own it.

Examples of complying:

  • Implementing appropriate technical and organisational measures
  • Maintaining relevant documentation of processing activities
  • Implementing measures such as data minimisation, monitoring and transparency
  • Carrying out data protection impact assessments (DPIAs) for high-risk processing
  • Appointing a Data Protection Officer (where required)

Data Breach Notification

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. "Unauthorised" covers both external attackers and insiders, for example an employee being able to read another employee's financial data because access permissions were not set up correctly.
Securing against this is in the best interest of all businesses and organisations, because the regulation places a duty on them to report qualifying breaches to the relevant supervisory authority (the ICO in the UK) within 72 hours of becoming aware of the breach, and, where the breach is likely to result in a high risk to individuals, to notify the affected individuals without undue delay. The 72-hour clock starts when the organisation becomes aware of the breach, yet most businesses do not have the necessary technology in place to detect one and could go a very long time before even learning that a breach has occurred.
Due to these tight timescales, it is vital that businesses and organisations put in place a robust detection, investigation and reporting procedure supported by the correct technology, so that a breach is spotted quickly, its scope established, and the notification made in time.
There is also a fear that cyber criminals could use the notification duty as leverage, demanding large sums of money from businesses and organisations in exchange for not exposing a breach that the victim has not yet reported.

How to ensure your company or organisation is prepared

Please contact Mr Imadul Chowdhury at Stirling Ackroyd Legal to discuss the matter further on 020 3058 3363.
