Data protection changes – what you need to know

Businesses are preparing for the General Data Protection Regulation, which comes into force from 25 May 2018.

All businesses holding personal data will need to ensure their procedures are fit for purpose and compliant when the new rules take effect next year.

Those businesses found non-compliant may face fines of up to €20 million – or 4% of annual global turnover.

David Riches, executive director at the British Chambers of Commerce (BCC), said:

“The General Data Protection Regulation is intended to reflect modern working practices in the digital age and will strengthen consumer trust and confidence in businesses.

“With less than 12 months to go, there are procedures businesses should be reviewing to determine what changes may need to be introduced to be compliant.

“Businesses that are already vigilant about their data protection responsibilities won’t be unduly burdened by the new legislation.”


The BCC and Information Commissioner’s Office are urging businesses to prepare for the changes by taking the following steps:

  • holding information – organise the personal data your business holds, where it’s sourced from and who it is shared with
  • privacy – review privacy notices and plan for further changes
  • consent – review how you seek, record and manage consent and whether you need to make any changes
  • data breaches – make sure the right procedures are in place to detect and report data breaches
  • data protection officer – designate a Data Protection Officer to take responsibility for data protection compliance.

Chat to us about how this may affect you.