Preparing for GDPR 3 months to go!

With just three months to go until GDPR takes effect, the majority of changes should now be fully implemented within your business. Here’s some advice from our Data Protection Officer and Chief Information Security Officer, Steve Sands, on what your organisation should be considering in the run up to May, when the regulation will be enforced.


Ensure all your procedures are up to date, communicated clearly to staff and reviewed regularly. This includes how you record and manage consent (where appropriate) and an individual’s rights, subject access requests, your privacy notice, the information you hold on individuals and why you hold it.


Organisations employing more than 250 people, or processing more than 5,000 data subjects may need to appoint a Data Protection Officer (DPO), although this doesn’t necessarily have to be a permanent employee. This is to ensure data controllers and processors comply with the GDPR and avoid the risks that organisations face when processing personal data. Your DPO should be a data protection expert who can advise on all aspects of data protection legislation and is able to form a link between the public and the organisation’s employees in relation to processing of personal data. to find out what’s new and their 12-steps guidance at:

For more information call 01782 664000

or email

Time to connect