The General Data Protection Regulation (GDPR) sets the standards for processing personal data in the EU and has been incorporated into UK law by the introduction of the Data Protection Act 2018.

This data protection regime strengthens the rights of individuals, increases the enforcement powers of supervisory authorities (such as the Information Commissioner’s Office) and imposes obligations on organisations which process personal data. If you collect, store or use personal data, the data protection regime affects you.

You need to be clear about what personal data you hold about people, how that data is being used and how long it will be retained. You also need a legal basis for processing that data. Be aware that personal data includes anything that could identify a person: names, addresses and email addresses, as well as cookies, IP addresses and telephone numbers.

The penalty for a data breach under GDPR is up to €20 million or 4% of annual global turnover – whichever is higher.

Laura Franklin
Employment solicitor

Talk to us about:

Employment services:

  • Bespoke employee privacy notices
  • Employee handbook privacy policies
  • Bespoke subject access request response procedure
  • On-site training sessions for managers
