Norwich: 01603 616300

A Simple Guide to GDPR

December 2017

Aside from Brexit, the General Data Protection Regulation (GDPR) is the topic on everybody’s mind.

GDPR affects everyone, businesses and individuals alike, so knowing as much as you can about this new EU regulation now – and preparing for its impact now – will help you be compliant and avoid a huge potential fine in the future.

This guide will attempt to explain what GDPR is and what you need to know about it in simple terms. We’ve placed an emphasis on simplicity because many guides out there are circulating misinformation, further adding to the confusion around GDPR.

Let’s now dispel much of the fog surrounding GDPR and bring about some clarity on this important subject. Without further ado, here are some in-a-nutshell answers to some of the most pertinent questions:

What is GDPR?

Let’s start with the obvious. What exactly is GDPR and why has it been introduced? Firstly, GDPR exists to give people better control over what businesses and organisations can do with their data. It also makes data protection laws identical across all EU countries, making things clearer and simpler for everyone.

Currently, in the UK, the handling of data is governed by the 1998 Data Protection Act. GDPR will supersede the Data Protection Act, introducing new rules and penalties for those who fail to adhere to them, but more on that later.

When will GDPR take effect?

Right now. GDPR first came into force on 24th May 2016, though at present GDPR is a regulation and not a directive, meaning companies have until 25th May 2018 until the regulation becomes law and will apply to them.

Having said that, it’s essential to start preparing for its arrival now while you still have some wiggle room.

Who does GDPR apply to?

GDPR applies to “controllers” and “processors” of data, which covers just about every organisation out there as most organisations handle people’s personal data at some point, whether it’s the data of customers, suppliers, the public or staff.

What am I supposed to do to comply with GDPR?

This is perhaps the most important question of all. It’s all well and good knowing what GDPR is and why it’s here, but how are we supposed to comply with it?

What can I do right now to prepare for GDPR?

The ICO is the UK’s authority on the subject and if you read their advice and follow the 12 steps above – which you can take right now – your organisation will be taking the right steps towards to being compliant in time for 25th May 2018.

What happens if I don’t comply?

The consequences of not complying are severe. Failure to adhere to the rules could result in a penalty of up to €20 million (around £17.8m) or 4% of your global annual turnover, whichever is greater.

Aren’t we leaving the EU? Why bother?

While the UK is indeed working towards leaving the EU, the GDPR will take effect before the legal and practical consequences of leaving the EU do. For the time being, all UK organisations must comply.

If and when we do leave the EU, we may not necessarily drop this piece of legislation. In fact, we will likely continue to follow GDPR or a legislation similar long after we have left, simply because it will make things a whole lot easier when transacting business with other EU countries.

If you’re interested in reading further on the subject of GDPR, we recommend visiting

We’d love to hear your thoughts and/or questions on GDPR, so leave a comment using the box below.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up for our news and business insight newsletter

No spam. No waffle. Just useful, practical and valuable news and insight, straight to your inbox. We always protect your personal data.

Aston Shaw Twitter Logo

Any capital gains tax (CGT) due on the disposal of a UK residential property must now be reported and paid within 30 days. Read more: #CGT

About 2 days ago from Aston Shaw's Twitter via Twitter Web App

Client Login

Secure Document Exchange Login

To request access to use the Client Login feature, please email:


You have Successfully Subscribed!

Secure Document Exchange Login

Please email or call your Client Manager directly to be set up with access or if you have lost your login credentials.


You have Successfully Subscribed!