Chat with us, powered by LiveChat
31 Mar 18
General Data Protection Regulations (GDPR)

There has been a lot of information regarding the deadline of 25th May 2018 which is the date that the General Data Protection Regulations (GDPR), come into force.  This will be a substantial change to the current data protection legislation and it would be wise not to regard matters as business as usual. 

The GDPR will impose major changes which include:

  • Individuals having greater control over their personal data including the ‘right to be forgotten’ and the right to have their data transferred;
  • In certain circumstances an organisation will have to appoint a data protection officer;
  • Organisations will have to report breaches to the Information Commissioner’s Office (ICO) within 72 hours;
  • There will be much stricter rules on obtaining individual’s consent on how their personal data can be used, including use for marketing; and
  • Higher penalties will be imposed on organisations who breach data protection regulations.

Many organisations are already working to accommodate the changes but there is still a substantial number who are not turning their attention to GDPR.  It is important to, at least, make a start on implementing the necessary changes now, even if these are not completed before the deadline.  This will demonstrate to the ICO, should a breach occur, that you are taking the regulations seriously and may well reduce any possible penalty.  It can also minimise the risk of a breach happening in the first place.

There needs to be an administrative as well as a legal approach to complying with GDPR.  Some of the matters an organisation may want to consider are:

Understanding what personal data is held by the organisation and how it is used within the organisation;

  • Allocating responsibility within the organisation for the implementation and safeguarding of personal data;
  • Cleansing an organisation’s existing personal data to remove any excess data with no legitimate reason for holding on to it;
  • Having proper systems in place for safeguarding personal data and for reporting breaches to the ICO;
  • Ensuring a commitment from senior management and training of staff on the new GDPR;
  • Reviewing the internal privacy policy and the privacy and cookies policy on the website (external policy); and
  • Reviewing an organisation’s legal agreements with other entities to ensure there are proper provisions for safeguarding and dealing with personal data.

The above are just some of the considerations which an organisation should be turning its attention to from now.  You may want to engage external advisors with GDPR knowledge to help you navigate this fairly complex area of law.

This article is for general information purposes only and does not constitute legal or professional advice. For more information contact Watkins & Gunn Solicitors on 01633 262122 or visit to our website

Contact us today 0300 1240 400


We are delighted to announce that our offices are now open to the public  between 10am and 4pm Monday to Friday, by appointment.

We will continue to provide our services remotely outside those hours so that you will be able to contact us between 8.3oam and 5pm.

We have followed Welsh Government guidance to allow us to open our doors safely. We have hand sanitisers, PPE, protective screens and are enforcing  two metre spacing. We have also limited the numbers allowed in our buildings by operating a rota of those office working and those working remotely.

Go to our CoVid 19 page for more information.

Thank you for your continued patience at this difficult time.

Stay safe and well.