Posted on 31 January 2018

The General Data Protection Regulation 2016/679 (GDPR) replaces the existing data protection regimes in place throughout the European Union, including the UK. It introduces a number of new obligations and requirements on data controllers and data processors. Compliance with the new regulations will be of even greater importance following the enforcement date of 25 May 2018, because the GDPR substantially increases the fines that can be imposed by the relevant regulatory bodies in the event of a breach – now up to a maximum of €20 million or 4% of annual global turnover, whichever is the higher.

Your first step towards achieving GDPR compliance

The first step towards achieving GDPR compliance is a thorough and exhaustive data and information audit of your business. Regular data audits, reviews and data management exercises will be ongoing requirements to maintain compliance under the GDPR. But before you can do anything you must establish exactly what data you are dealing with, whether as a data controller[1] or processor[2], and why.

The GDPR introduces the Accountability Principle. This states that the data controller is responsible for, and must be able to demonstrate compliance with, all of the requirements of the GDPR (including the principles of Lawfulness and Transparency, Purpose Limitation, Minimisation, Accuracy, Storage Limitation, Integrity and Confidentiality, Transfers, and Data Subject Rights). It is crucial therefore that as the data controller you are able to provide evidence to support compliance with this principle.

Download a simple data audit checklist and questionnaire to help get you started. Some areas may be more or less relevant depending on your business.

Conducting a comprehensive data audit will help you to identify your current position with regard to GDPR compliance.

You can find more information about data audits from our webpage (GDPR) and the following helpful Information Commissioner’s Office webpages:

Read our second blog where we discuss how to use the results of your audit to update or draft new GDPR-compliant data protection policies, strategies and procedures.

If you have any questions, or need any assistance with your data audit, please do get in touch with Sean Jauss or Emma Gallacher.


1. A ‘controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

2. A ‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Emma Kennaugh-Gallacher


Emma is a member of our legal services team with experience in IP licensing and assignment and confidentiality agreements. She also works with our dispute resolution team providing support for early stage IP litigation for infringement of copyright, trade marks, registered and unregistered design rights and patents. Emma successfully gained the BCS Practitioner Certificate in Data Protection, a qualification which relates to both the background and the practical application of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
