0370 1500 100

The GDPR Race Is On


All businesses that use personal data have until 25 May 2018 to comply with the new General Data Protection Regulation (GDPR) legislation. Non-compliance can lead to potential fines of up to €20 million or 4% of annual worldwide turnover, whichever is bigger.

The GDPR requires businesses to carry out a root and branch review of how they collect and use personal data. Doing nothing is not an option and the sooner you start the better. May 2018 may sound a long way off but the scale of the reforms means that you need to deal with the issues sooner rather than later.

You’re in the GDPR race if your business collects or uses:

  • Consumer information
  • Employee records
  • Data on individuals within companies
  • Data relating to suppliers and customers who are sole traders or partnerships
  • Pension records

Getting Ready For The Challenge

Are you ahead of your competitors or lagging behind? We surveyed business leaders around the country to learn what they knew about GDPR and what preparations they were making.

Download the full report to find out where your business stands.

The Rewards

Not only can the Data Protection experts at Irwin Mitchell help your business meet the compulsory 2018 GDPR deadline and avoid fines, but can also help you reap the rewards of compliance. The three key rewards of getting your personal data compliant are:

  • Good data governance builds customer trust and confidence
  • You can use your data to understand your customers and their needs - tailoring your offering accordingly
  • The right permissions can help you take advantage of Big Data and potentially commercialise your data

The Countdown Is On

Complying with the GDPR deadline, of 25 May 2018, is not optional. All businesses that use personal data need to comply and cross the May 2018 GDPR finish line. Brexit and the triggering of Article 50 will not affect this deadline. The Government has already made it clear that even though the GDPR is European legislation it will still take effect in the UK after Brexit.

Whilst May 2018 is a key date, compliance does not stop there. It is an on-going process and you need to continue with your compliance regime.


Know What Hurdles You Face

Knowing what challenges and hurdles you face is essential for achieving compliance. You need to understand where your compliance currently stands and how big a hurdle you face. Some of the main changes businesses must prepare for before May 2018, are:


Individuals can require you erase their personal data from your systems. Whilst you need to have a process to action this, the right is not as wide ranging as you might think. You need to understand its scope, what your obligations are and how you need to reply to requests.


Individuals already have a right to access their data you hold. This right will be extended. Additional information will need to be provided and generally in a shorter timescale. You also won’t be able to charge a fee.


Data breaches which impact on privacy will have to be notified to the ICO and individuals affected within 72 hours of it happening. Breaches can range from a customer database being hacked to putting a letter in the wrong envelope. You will need to monitor your systems to know whether or not there has been a breach.


You need to be open with individuals about what data you are collecting and what you are doing with it. Fair processing notices and privacy policies need to be updated.


Not all use of personal data needs consent. If you do rely on consent then your consents need to be looked at. Consent will be harder to obtain and maintain under GDPR.

Fine Calculator

Non-compliance can lead to potential fines of up to €20 million or 4% of annual worldwide turnover, whichever is bigger.

You can use our GDPR Fine Calculator to work out the maximum your business stands to lose. Just put your annual turnover into the box below, e.g. 10000000


You could incur a fine of:


With You Every Step Of The Way

We understand that achieving GDPR compliance may seem overwhelming. Every business is unique and so a one size fits all approach won’t work. We have specialist lawyers who are already advising businesses on how to become compliant. We will work with you to understand what your business needs are and agree a pathway to compliance.

In view of the potential fines you need a true specialist to help you navigate through to compliance. General advice in this area will not be enough. GDPR compliance should be treated like a marathon, not a sprint, and compliance requires long term planning and preparation.

Don’t leave compliance to the last minute. Get in touch with one of our Data Protection experts today. We’ll be with you every step of the way.

Find out more about GDPR


Joanne Bone

Joanne has been advising businesses and other lawyers on data protection for almost 20 years, including specialist advice on the new GDPR Regulations since 2015. Joanne has a wealth of experience and is our key contact for the North and Midlands.

Stuart Padgham

Stuart is the national head of Irwin Mitchell’s Commercial team, based in our Gatwick office. He has over fifteen years’ experience working on data protection issues as well as IT and other commercial arrangements and is our key contact for the South.

© 2017 Irwin Mitchell LLP is Authorised & Regulated by the Solicitors Regulation Authority. Our Regulatory Information.