Show as: Mobile

GDPR is Coming to the UK. Is Your Organisation Ready?

GDPR in the UK - What You Need to Know

You've probably already heard of the new European Data Protection Act, GDPR, which has a deadline for compliance no later than May 25, 2018.

Experts recommend all organisations who collect and store data review their operations and routines because the reality is that no matter which industry you work in, GDPR will probably affect how your company works with data. Employees in everything from HR, Marketing, Law and IT will need to review their systems, routines and apply the coming regulations on how to work with collecting and storing personal information.

GDPR stands for General Data Protection Regulation, and is more stringent than the Data Protection Act of 1998 in the UK. The purpose of the new act is to strengthen the protection of personal data. For most organisations, personal data might consist of information about employees as well as customers or potential customers but this act applies to any data that could be tied to an individual, including IP addresses.

Will the GDPR be adopted in the UK?

Yes. The UK plans to comply with GDPR despite withdrawing from the EU. On 21 June 2017, the Queen's Speech confirmed that the EU General Data Protection Regulation would apply to the UK even as Brexit negotiations unfold.

How will the rules of collecting and storing data change?

It has been nearly 20 years since the UK’s data protection laws were last updated. A lot has changed since the Data Protection Act 1998 and the new EU regulation is intended to help protect individual data in the modern world. There are many important changes, but here are the largest:

  • The GPDR will apply to all organisations processing or controlling personal data in EU, and it also applies to organisations who process or control the personal data of individuals in the EU. 
  • Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). Clouds will not be exempt from GDPR enforcement.
  • The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. It must be as easy to withdraw consent as it is to give it.​

Is your organisation ready?

It has been a long and complicated process to produce the GDPR which was first drafted in 2012 meaning its 261 pages can be difficult to interpret. It is important to follow developments and to be certain of how your organisation will respond. 

If your organisation is managing personal data, you should already be able to answer these questions:

  • Why do we have information about individuals that we collect?
  • Do we need that information?
  • How is that data collected?
  • Who has access to the data?
  • What plan do we have in place in the event of a data breach?
  • Who at the organisation is responsible for how we collect and manage our data?
  • What is our privacy policy and does it provide an accurate, understandable explanation of how we collect and process data?

Search GDPR Courses

Course recommendations

A two-hour introductory course in London ideal for marketing companies or departments.

A company-specific course ideal for senior leadership or committees tasked with investigating GDPR.

Two workshops and six e-learning modules for data protection officers, leaders and senior managers.

A 1-day course and exam to achieve a Certified EU General Data Protection Regulation (EU GDPR) Foundation Certificate.

Last updated: 18 Jun 2018

You might also be interested in:

Last updated: 18/06/2018

Jedi Knight Alternatives to Excel’s IF function

The IF function is a an essential part of any professional's Excel survival kit, but is it always the shortest and cleanest way to do things?

Discover two key alternatives that will make your work quicker and more effective, courtesy of Financial Training Associates.

Read more
Last updated: 30/03/2016

Data security: avoid email phishing in 4 steps

Protecting personal & company data isn't just about having the right infrastructure - it's about individuals developing awareness of how to deal with cyber threats on a daily basis.

With this in mind, here is a 4-step guide to protecting yourself against email phishing, developed by expert security training provider KeyStone Learning Systems.

Topics: Technology
Read more
U.K. L&D Report: 2019 - Benchmark Your Workplace Learning Strategy

Are you curious about the L&D strategies of some of the U.K.'s top companies?

Find out what they're up to in's second annual U.K. L&D Report!


Learn more

LOOKING FOR TRAINING? offers a free consultancy service to help compare training for you and your team

Request a free quote


Is your company looking to take on an apprentice?

Learn more


Download your free copy of the ultimate guide to apprenticeships for companies

  Download for free