Greers or Elgin Ltd - General Data Protection Regulation (GDPR)

General Data Protection Regulation

The General Data Protection Regulation (GDPR) places additional obligations on businesses with regard to the safeguarding of personal data.

The GDPR requires all organisations that deal with individuals living in an EU member state to fully protect the personal information belonging to those individuals, and to have documented proof of such protection. The UK's decision to leave the EU will not affect the introduction of the legislation in the UK.

The new regulations require a consistent and transparent approach to data processing, and the financial penalties for failing to comply are severe - with fines of up to €20m or up to 4% of total annual worldwide turnover.

New requirements for businesses

While the principles of GDPR are broadly similar to the existing Data Protection Act (DPA), there are some key changes placing additional obligations on businesses.

The GDPR places a new emphasis on accountability and transparency when it comes to dealing with personal data. While businesses may already be compliant with many of the regulations as covered under the DPA, they are required to provide documentary evidence of their compliance with the GDPR.

Specifically, the new rules state that businesses must be accountable for their data usage, and must identify a lawful basis for processing personal data.

The GDPR specifies that personal data must be:

The GDPR builds on the existing rights and principles for individuals under the DPA, as well as introducing some additional rights. Some of the key rights under the GDPR include:

Further information and guidance can be found on the Information Commissioner's Office website:


Below are a list of documents available for download should you require further information

Please contact us for the password to open the documents

GDPR Policy Overview

GDPR Policy

GDPR Retention Policy

GDPR Fair Processing Notice