GDPR and data privacy

The General Data Protection Regulation (GDPR), widely regarded as the biggest shake-up of data protection law in 20 years, has now come into force and, regardless of size, affects every business located in the EU or trading with EU businesses that collects, stores or uses personal information.

There are therefore very few (if any) businesses in the UK for whom the GDPR has no effect.

What has changed?

The new Regulation enhances individuals’ data protection rights and introduces a greater obligation for businesses to be transparent in how they use personal data.

All affected businesses are required to have appropriate policies and procedures in place to ensure that personal data is collected and processed lawfully. They will also need procedures to deal with Data Subject Access Requests (requests from individuals to provide details of all data held about them) and data breaches. 

Individuals now have the right to ask data controllers to erase all data held on them and to obtain a copy of their own personal data in a structured and machine-readable format. Organisations are also now required to notify the Information Commissioner’s Office (ICO), the GDPR supervisory authority, and the related individuals within 72 hours of a harmful data breach.

Greater data protection rights for individuals will inevitably increase the regulatory burden for organisations. However, it is also an excellent opportunity for organisations to be proactive and get the personal information they hold in order. A compliance programme can also be used as a positive differentiator in dealings with customers and suppliers, since the non-compliance of competitors will quickly become apparent and a compliant organisation is self-evidently a better organisation to deal with.

What are the risks?

Your organisation must not ignore the GDPR. Action needs to be taken now to minimise the risk of breaches, which can result in fines being imposed by the ICO. These fines will vary depending on the seriousness of the breach but the maximum fine is the higher of €20 million or 4% of worldwide turnover of the business.

Alongside the financial impact of such a fine, a business will also face serious damage to its reputation.

How CB Comply can help

Although the regulation has come into force, it is not too late to start working towards compliance. Our dedicated CB Comply team has substantial experience working with SMEs on their data protection requirements. We provide a range of advice and assistance to support you in identifying and addressing the compliance challenges posed by the GDPR, from an initial discussion of your compliance gaps to a detailed audit, flexible and tailored specifically to your business, that establishes the state of your current policies and procedures.

Once a thorough assessment of your business has been carried out and the compliance gaps have been identified, we will provide recommendations to reduce the risk of breaches occurring in the future, or we can work with you to implement the necessary changes.

We have also identified a small number of experts in data security who can help you to establish the level of vulnerability of the data in your business and offer solutions to improve security, where needed.

Moving towards complying with the GDPR can be a very significant task. Your organisation needs to start now to minimise the risk of a regulatory breach and a potentially large financial penalty.

If you are interested in discussing how we can support you in your programme towards GDPR compliance, please contact us by email.

See our page on Data privacy and GDPR for individuals and their advisers.