HdK Associates

How to Prepare for GDPR Changes

We received a lot of questions about the new GDPR laws, which will come into effect on the 25th May, 2018, asking what these changes are and how to practically implement them. Therefore, I thought I’d write a comprehensive blog post to firstly calm the panic, which these new regulations seem to be causing, but also to breakdown the most important points and to remove the mystery surrounding these fairly standard updates.

First question answered: it is highly unlikely that Brexit will stop these changes coming into force or that this law will be repealed when we leave the EU. In May we will probably still be in the EU, but also to keep a trade agreement with EU countries, we would probably need to have similar data protection policies. Therefore, if you are hoping you won’t have to deal with these regulations, then stop hoping and accept they are coming.

Now, onto the better news; the updated General Data Protection Regulations are actually very similar to the previous guidelines, so if you are responsibly following these then there is no need to panic. The main shift within the rules is that companies are now legally obliged to follow them, implementing them to the best of their abilities and can be reprimanded and fined if they don’t. Additionally, the onus will now be with the company to ensure their data records are up to date and secure, as opposed to the previous rules which relied on active individuals keeping track of where their information was and how it was being used.

Below, I will go into more detail about the updates and provide some tips on ways to ensure you remain within the law and the transition is as smooth as possible.

Aims of the new law are:


Main requirements of the 2018 Regulations:


In short, I know that I just gave you a lot of information to think over and suggestions to make, but I think the most important element to hold onto is that the new GDPR rules coming into place in 2018 almost mirror the old ones, so it should not require a great shift in company thinking to understand them. However, you must be prepared for a dramatic change in company culture and the sooner you start this change, the easier it will be. If there is one final thing I can give you it is that these changes are essentially a reflection of what everyone wants; when you give your information out you don’t want a stranger to suddenly get it, you want to know it is stored safely, protecting you from future invasions of privacy and if a company that you are no longer interested in is contacting you, you want to be able to make them stop easily and efficiently. If you can provide this to your database and prove that you are doing so, that is all the new law really asks of you.