Manchester Solicitors delivering exceptional legal services at an affordable price.

Manchester & London Solicitors


GDPR – Top 10 Tips


Regulatory Compliance GDPR: TOP 10 TIPS

First of all, what is GDPR?

The General Data Protection Regulation (GDPR) is a regulation that the European Parliament, the Council of the European Union and the European Commission have all ratified which is intended to strengthen and incorporate data protection for all individuals within the European Union. It is due to come into force on 25th May 2018 and you will need to know how it affects you and / or your business.

You will need to know if the GDPR actually is relevant to you and your business. It will apply to ‘Controllers’ and ‘processors’ of data. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. So the controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents. The controller must ensure that the processor abides by the GDPR and the processor must themselves ensure that they abide by the GDPR.


You need to make sure you and the decision makers / influencers in your company / firm are aware of the GDPR and what it means. Employees should also be made aware and their obligations in relation to the data they are privy to.

Information Gathering

You need to start to gather and collate the data you have on your records; where it came from and why you have it. You should organise an information audit and this should be done as soon as possible and you’ll have to set aside time to do this on top of your normal duties as it could be quite a time consuming task.


You should review and amend, if necessary, your privacy notices. For example, on your email footers, websites and external correspondence. Likewise, you should be considering the privacy notices of third parties that you correspond with – do they have privacy notices? Are you satisfied that you can provide data lawfully to them?


You should review and amend, if necessary your privacy procedures, for example, how you delete personal data or how you provide it. How is your data going to be collated?

Know the law

You need to be aware and understand the legal basis for your data processing and gathering. A solicitor can review the law and advise you how it relates to your business. Furthermore, you will need to be aware of what a breach of data protection can lead to. Fines for the most serious of breaches can be up to 4% of annual worldwide turnover of your business or 20 million euros (whichever is higher)


You should review how you seek, record and manage consent and whether you need to make any changes. You need to check if they meet the GDPR standards. The parties giving you consent will need to be properly advised of what they are consenting to, proper authorities and mandates may need to be carefully re-drafted and reviewed. A solicitor will be able to draft disclaimers / mandates / authorities and provide you with advice.

Children / Minors

If your company deals with the data of children / minors, you will need to review and consider the procedures in place for the verifying ages and parental or guardian consent for any data processing activity

Data Breaches

Consider your procedures in place to detect, report and investigate a personal data breach. Employees will need to be properly briefed and made aware of whistle-blowing policies to report any breaches.

Data Protection Officer

You need to consider if you require a Data Protection Officer and if so, where they will sit in your firm’s structure and the practicalities of their role.

International and Brexit

If you carry out work outside the EU, you’ll need to check and consider your lead data protection supervisory authority. Furthermore, if your business operates within the UK or with UK businesses, you’ll need to consider and be aware of the corresponding UK Data Protection laws post-Brexit and the implications of operating across the UK / EU border.

Fortunately, there is help at hand from Monarch Solicitors. We specialise in commercial and business law and are dedicated to ensuring that our clients are well informed. We will advise you of the law, your duties and rights and how it applies to you practically in a straightforward and professional manner.

If you are facing any kind of GDPR or regulatory dispute please contact our Regulatory Compliance solicitors in Manchester on 0161 820 8888 and solicitors in London on 0208 889 8888 for immediate assistance.

Don’t wait until it is too late.

Call our regulatory law experts now on 0161 820 8888 for our solicitors in Manchester or 0208 889 8888 our tax solicitors in London.

We will happily provide a free 30-minute consultation on your matter. Give us a call today!


Call our Solicitors in Manchester & London for a free initial consultation

Contact Us Today

By submitting the form you agree to our Privacy Policy and Privacy Notice
Accredited by
Members of
Monarch Solicitors Brand Stripes

Contact Us

If you need legal advice, call our expert solicitors or fill in our enquiry form and we will get back to you as soon as possible.

Request a call back

Please provide us with your details and we will call you back.

Free Case Evaluation

Get Legal Advice today

subscribe to our newsletter

By signing up to our newsletter you agree to Monarch Solicitors’ Privacy Policy Terms