Preparing for GDPR: 10 Top Tips for Employers


19 Feb 2018


The General Data Protection Regulation (GDPR) is coming but a recent survey suggests less than 50% of businesses are familiar with it. Our advice is that all businesses need to take action now, as doing nothing may land your business with a fine of as much as €20 million or 4% of your annual turnover.

What is GDPR? It comes into effect on May 25th 2018 across the European Union and is replacing the UK Data Protection Act. GDPR brings in a strict set of new rules concerning privacy and data security, while imposing penalties on businesses which violate them. Who does GDPR affect? GDPR affects anyone holding data on EU citizens including employers and business owners of any size. This is because they are likely to control personal data – or at least process it on someone else’s behalf, such as employee personal details, as well as performance reports and attendance records. The GDPR applies to all EU organisations and to any organisation outside of the EU which processes personal data on an EU national. What about Brexit? It is likely the UK will still be a European Union member state as of 25th May 2018, so the regulations will apply until we leave the EU. Once we leave it is expected the UK will either adopt the GDPR in its entirety or adopt national legislation, which is similar to GDPR.

GDPR Infographic

GDPR: Top 10 Tips for Employers

Here are our expert’s top tips for ensuring your business complies with the new regulations:
  1. Make sure people in your business know that the law is changing.
  2. Create a register of the personal information you hold, where it came from, and who you share it with.
  3. Review the current privacy notices for the data you store and prepare to change them for GDPR.
  4. Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
  5. Check that you can honour the rights of individuals. If someone asks for their data, you should be able to give them it in a secure, standard format.
  6. If someone asks you to remove their data, make sure you can prove you’ve done so.
  7. Put in place a process for handling requests for any of the data you hold, including how quickly you will respond, how you will provide it, and how you will assure requesters that they own it.
  8. Decide if you need a system for identifying the age of individuals and whether you need parent or guardian consent.
  9. Have an emergency plan in case you lose data or someone steals it.
  10. Nominate a responsible person to be your Data Protection Officer or representative, as applicable.

What are the main changes of GDPR?

GDPR will replace the current legislation under the UK Data Protection Act. The new legislation is coming in because digital technology has moved forward far more rapidly than the law, so in affect GDPR is necessary to help the law catch up with the rapidly evolving digital environment. One of the biggest differences between the current legislation and GDPR is that people will gain much more control of their personal data. The new rights of the people your business holds data on are:
  • The right to be informed: Where you state in your privacy notice how you process information fairly.
  • The right of access: Data subjects can get access to, and a copy of, their data and find out how you are using it.
  • The right to rectification: People can ask you to update any inaccurate or incomplete data.
  • The right to erasure: Commonly called ‘the right to be forgotten’. People can ask you to delete or remove their personal data.
  • The right to restrict processing: Where you are allowed to store but not process personal data.
  • The right to data portability: Allows people to get some of their data from you for their personal use.
  • The right to object: People can opt out of you profiling them based on their data, direct marketing to them, or using their data for research.
  • Rights in relation to automated decision making and profiling: Protection against mistakes or decisions where humans are not involved in data processing.
Watch out for our expert’s comprehensive GDPR White Paper, which will be published on the Croner Free Downloads shortly.

Free to Download Employer Resources

  • Social Media Policy Template


    Social Media Policy Template

    Read more
  • Sample Mental Health Policy


    Sample Mental Health Policy

    Read more
  • Disciplinary Letter Template


    Disciplinary Letter Template

    Read more
  • 10 Tips About Your Workforce and Bank Holidays


    10 Tips About Your Workforce and Bank...

    Do you have employees who work over bank holidays?  Public holidays raise all so...

    Read more
  • Top Five Things to Remember When Recruiting


    Top Five Things to Remember When Recr...

    Although finding the appropriate person for a role is challenging, getting thing...

    Read more
  • EU Ruling Forces UK Bosses to Record Staff Work Hours


    EU Ruling Forces UK Bosses to Record ...

    The European Court of Justice has ruled that bosses must have a system in place ...

    Read more
  • Numark



    Numark serve as a virtual head office for independent pharmacies on the high str...

    Read more
  • Gilmour Quinn


    Gilmour Quinn

    Gilmour Quinn Financial Planning Ltd is, as the name suggests, a small financial...

    Read more
  • Wardman Brown


    Wardman Brown

    "I would say it has has a noticeable impact, in particular it has improved the H

    Read more

Ready to focus on what you do best?

Get your free consultation and speak to an expert today.