The GDPR Race Is On


All businesses that use personal data had until 25 May 2018 to comply with the new General Data Protection Regulation (GDPR) legislation. Non-compliance can lead to potential fines of up to €20 million or 4% of annual worldwide turnover, whichever is bigger.

The GDPR requires businesses to carry out a root and branch review of how they collect and use personal data. Doing nothing is not an option and the sooner you start the better.

You’re in the GDPR race if your business collects or uses:

  • Consumer information
  • Employee records
  • Data on individuals within companies
  • Data relating to suppliers and customers who are sole traders or partnerships
  • Pension records

Getting Ready For The Challenge

Are you ahead of your competitors or lagging behind? We surveyed business leaders around the country to learn what they knew about GDPR and what preparations they were making.

Download the full report to find out where your business stands.

The Rewards

Not only can the Data Protection experts at Irwin Mitchell help your business meet the compulsory 2018 GDPR deadline and avoid fines, but can also help you reap the rewards of compliance. The three key rewards of getting your personal data compliant are:

  • Good data governance builds customer trust and confidence
  • You can use your data to understand your customers and their needs - tailoring your offering accordingly
  • The right permissions can help you take advantage of Big Data and potentially commercialise your data

Know What Hurdles You Face

Knowing what challenges and hurdles you face is essential for achieving compliance. You need to understand where your compliance currently stands and how big a hurdle you face. Some of the main changes businesses must prepare for before May 2018, are:


Individuals can require you erase their personal data from your systems. Whilst you need to have a process to action this, the right is not as wide ranging as you might think. You need to understand its scope, what your obligations are and how you need to reply to requests.


Individuals already have a right to access their data you hold. This right will be extended. Additional information will need to be provided and generally in a shorter timescale. You also won’t be able to charge a fee.


Data breaches which impact on privacy will have to be notified to the ICO and individuals affected within 72 hours of it happening. Breaches can range from a customer database being hacked to putting a letter in the wrong envelope. You will need to monitor your systems to know whether or not there has been a breach.


You need to be open with individuals about what data you are collecting and what you are doing with it. Fair processing notices and privacy policies need to be updated.


Not all use of personal data needs consent. If you do rely on consent then your consents need to be looked at. Consent will be harder to obtain and maintain under GDPR.

With You Every Step Of The Way

We understand that achieving GDPR compliance may seem overwhelming. Every business is unique and so a one size fits all approach won’t work. We have specialist lawyers who are already advising businesses on how to become compliant. We will work with you to understand what your business needs are and agree a pathway to compliance.

In view of the potential fines you need a true specialist to help you navigate through to compliance. General advice in this area will not be enough. GDPR compliance should be treated like a marathon, not a sprint, and compliance requires long term planning and preparation.

Don’t leave compliance to the last minute. Get in touch with one of our Data Protection experts today. We’ll be with you every step of the way.

Find out more about GDPR


Joanne Bone

Joanne has been advising businesses and other lawyers on data protection for almost 20 years, including specialist advice on the new GDPR Regulations since 2015. Joanne has a wealth of experience and is our key contact for the North and Midlands.

Stuart Padgham

Stuart is the national head of Irwin Mitchell’s Commercial team, based in our Gatwick office. He has over fifteen years’ experience working on data protection issues as well as IT and other commercial arrangements and is our key contact for the South.

Request A Callback

Enter you details below and we'll call you back, at a time of your choice

Preferred date*

This data will only be used by Irwin Mitchell for processing your query and for no other purpose.