
Final countdown - Top 5 hitlist – Incoming GDPR

24 April 2018
Public Sector

By now, you will have heard of the General Data Protection Regulation ("GDPR"). If you have been brushing it to one side, you should now bring it to centre stage. We have compiled a top 5 hitlist to help you with your preparations. As the UK Information Commissioner has said herself, "the 25th of May is not the end, it's the beginning."

1. Know your business, know your data

You need to review your own policies, practices and processes to ensure they are compliant with GDPR requirements. You should document your review and identify your legal grounds for processing personal data in this way: what personal data do you collect and store; how do you use personal data; how long do you keep personal data for; and who do you share personal data with?

2. High risk - high volume

Any contract where you share high risk personal data, or where you share large volumes of personal data, should be prioritised for a review. There are mandatory provisions you must put in place in certain circumstances under GDPR. Some personal data will be higher risk than others - for example, medical data, biometric and genetic data, political opinions, racial origin etc. Business emails of business contacts will be lower risk.

3. Who's said "no" – do you know?

Make sure your privacy notice is a clear reflection of how you use personal data in the business. There is specific information you must include in your privacy notice. You need to review your marketing databases and ensure you have the correct legal basis in place to continue sending marketing communications to these contacts. In some instances, this may mean consent. You might need to refresh your consents. You must ensure this process is correctly executed. The ICO has previously imposed fines on companies that have incorrectly contacted individuals. You should check: is consent needed; do you have records of the necessary consents; and have you removed people from your marketing database if they have asked you not to contact them?

4. "Belt and braces" on

Review the security practices and policies you operate in the workplace. Do you give blanket access to staff members to all personal data the business holds? You should only be giving access to personal data on a need-to-know basis. You should also ensure that your systems are tested on a periodic basis to reveal any weaknesses which can then be remedied. This process should be documented. Review and delete personal data you no longer need – after all, you can't hack it if you don't have it.

5. "Get your house in order"

Your staff will need to receive training so they understand their own responsibilities and your policies and procedures. For example, they will need to be able to recognise and handle data subject requests, including access requests and requests to restrict processing activities.
