How will the GDPR affect your business

Posted by Florence Pillman


On Wednesday 21st June, Jon and Florence attended a seminar in London on ‘How will the GDPR affect your business’.

The main speaker at the seminar was Martin Hoskins, an Associate Director at Grant Thornton UK LLP. He is a senior data protection professional currently working alongside the Department of Culture, Media and Sport and other central government organisations to provide advice on data protection and the new GDPR regulations.

GDPR (General Data Protection Regulation) will be coming into effect on the 25th May 2018 in place of the current Data Protection Act from 1995. It is going to bring significant changes for ‘processors’ of personal data, who previously under the DPA had less legal liability.

Proving a positive data culture

There are 5 key areas that organisations must focus upon to ensure they ‘control’ the data for which they are responsible and to prove compliance with the new regulations:

  • training and awareness
  • records management
  • IT security
  • requests for personal data
  • data sharing

Although the level of attention that needs to be given to each of these areas depends on the size of the organisation and the amount and type of data it handles, it is important for businesses to prove they have a positive culture with regard to these elements. Companies implementing ISO 27001 will already address these areas and be well set up for the new regulations.

ICO not looking to catch business out

Interestingly, Martin pointed out that the Information Commissioner's Office (ICO) is not looking to catch organisations out with this new legislation. Although there will be ramifications for companies if they suffer a data breach or abuse the data they control (e.g. unauthorised mass marketing), if companies can prove they have a positive culture around data protection this will be taken into consideration.

The huge fines threatened under GDPR (€20 million or 4% of annual global turnover – whichever is higher) will only be handed out to those with blatant disregard for people's personal information. SMEs shouldn't feel daunted by these new regulations, which will benefit all organisations and keep data protection at the forefront of current management issues.

Brexit and GDPR

Hoskins also discussed the impact of Brexit on the GDPR. As little is currently known about the negotiations, little can be said about the effect of Brexit on the European regulations currently imposed on the UK. However, he commented that, while Britain would not have to abide by European data protection laws once we leave the European Union, we would need a similar system of our own to ensure a smooth transfer of data between Britain and the European Union.

Impact on SMEs

Jonathan specifically questioned Martin on his views of how these new regulations will affect SMEs using cloud systems for storage. Hoskins had four pieces of advice, all of which involve having the correct documentation readily available for the following:

  1. Where your hosting platform is physically located – is it in the UK or abroad?
  2. Know exactly who manages and has access to this hosting platform and what they can do to your data.
  3. Check the certification of your hosting platforms for the different levels of security.
  4. Hold contracts with all your suppliers, especially those who handle any data from your organisation.

Click here to find some useful resources on the ICO website about preparing for GDPR.

If you have any questions on the topic feel free to contact Jon at
