GDPR – General Data Protection Regulation

GDPR, or to give it its full title General Data Protection Regulation, is a Europe wide piece of legislation which will overhaul the way personal data is collected, stored and used. GDPR will introduce some significant changes to the current data protection regime, adding more accountability and enhancing data protection laws.

The GDPR will replace the current Data Protection Act 1998 on 25 May 2018 and will bring with it significant obligations for businesses, charities, public bodies and any other organisations that handle personal data. It is vital that your organisation is aware of its obligations, as the sanctions for non-compliance has widened and the financial penalties are substantial.

What does GDPR cover?

GDPR covers the collection, storage and use of personal data. Personal data is any information which can identify a person (‘data subject’) directly or indirectly. GDPR has widened the scope of what is considered personal data and also the special categories of data (previously known as sensitive data).

GDPR also provides enhanced rights for data subjects, both in their ability to make a request to see any information held on them, but also to request that information is erased or restricted, providing them with greater control.

The definition is extremely wide and so covers all personal information obtained from customers, suppliers, contractors, service users, employees etc. It is therefore almost certain that all organisations, regardless of size, turnover, staff numbers or sectors, will have to comply with GDPR. For most organisations it will mean ensuring that you are registered with the Information Commissioner and reviewing your policies and procedures, updating your contracts and training staff to be more data aware.

Getting it wrong

GDPR brings with it significant fines for non-compliance. Penalties can be up to 4% of global turnover or €20 million, whichever is the highest amount. Given these new maximum penalties, the threat of insolvency or closure for many business will be very real. Organisational and staff awareness in this new data landscape cannot be underestimated.

Why GA Solicitors?

GA Solicitors has been established in Plymouth for more than 200 years and has supported businesses of all sizes with various legal aspects required when running a business. Regardless of your size or industry, we will work with you to ensure you meet the new GDPR requirements and can be confident in your position. We have a specialist team to support you at each step, including a fully accredited GDPR practitioner.

What we offer:

  1. FREE data audit template and guidance document. This can be used to help and guide your organisation to efficiently audit what personal data is held, where it comes from, why it is obtained and where it is stored. This is the first stage of complying with GDPR
  2. Assisting your organisation to comply with GDPR by advising and producing the necessary policies, fair processing notices and necessary forms, records and documents
  3. Advising and assisting you in updating any contracts to ensure you have sufficient GDPR provision and undertaking data protection due diligence checks
  4. Advice, guidance and assistance on potential breaches, subject access requests and involvement with the Information Commissioner.

If you would like to receive the FREE data audit template and guidance, or if you wish to have a no obligation discussion about how GDPR will affect your organisation, then please contact Robert Zacal (01752 513549 / or Donna Butler (01752 241761 /