On Friday 25 May 2018, the new General Data Protection Regulation (GDPR) will come into force and all businesses, colleges, schools and charities who collect personal data will be affected. As a result, every organisation that collects, processes or stores personal data should be taking steps now to ensure it remains compliant.


Here are our top tips to help you prepare for the new GDPR:

  1. Don’t panic! Sometimes, the hardest thing to do is to start the process. If you can’t do it on your own, seek professional advice.


  1. Visit the Information Commissioner’s Office (ICO) website. They have created lots of toolkits and guidance notes to help organisations understand GDPR and the steps they need to take to remain compliant. (link to the ICO website: https://ico.org.uk/)


  1. Complete a data audit. This will help you identify what data you currently hold, how long you’ve held it for, where it came from and who you share it with.


  1. Update your privacy notice. You should review your privacy notice and ensure you are telling people:- What data you are holding on them.- Why you are keeping this data.- What’s the lawful basis you have for processing this data.

    – Who you are sharing it with.

    – How long you are going to keep the information for.

  1. Reassess how you seek, review and maintain consent from individuals. It may be a good opportunity to refresh existing consent to ensure it was obtained positively.


  1. Assign a Data Protection Officer who will be responsible for data protection compliance.


  1. Keep records of what you are doing to prepare for GDPR as organisations will need to evidence their compliance with the legislation.

Last updated: 16th May 2018