General Data Protection Regulation

Getting Ready

Getting you ready for the GDPR

On 25 May 2018, the General Data Protection Regulation (or “GDPR”) will come into effect and usher in a new data protection regime for the UK.

What does the GDPR mean for your organisation?

The GDPR will bring about the most fundamental change in data protection law in a generation. It will impact every business, public authority and non-commercial organisation in the UK. The fundamental purpose of the GDPR is to protect the rights of individuals and the security of their data, and it imposes strict obligations and controls on organisations which use that data. 

Key changes will include:

  • far heavier fines - up to €20million or 4% of worldwide turnover (whichever is higher)
  • new and stricter requirements for valid consent;
  • more explicit and extensive compliance requirements for all agreements involving personal data;
  • compulsory reporting of data breaches and strict time limits for doing so;
  • in some cases, a duty to appoint a data protection officer;
  • new data subject rights, and changes to the rules dealing with subject access requests;
  • data processors being directly liable for breaches of the law;
  • strict requirements for privacy policies and notices;
  • a requirement to carry out privacy impact assessments in some situations.

The GDPR is about ensuring people remain in control of their personal information. From May, 2018, those organisations which use personal data in a manner which contravenes the rights of individuals (e.g. if effective privacy policies, notices or processing contracts aren’t in place) will place their entire business in jeopardy in terms of reputation in the market place, and the fines which may then be imposed for breach.

How we can help

The GPDR is long and complex, and achieving compliance can seem overwhelming. More often than not, data protection won’t stop you running your business, but it may well require you to do some things differently. This is where we come in.

Our data protection team can support your GDPR compliance process in various ways which best suit you:

  • Site visits
  • Tailored training
  • Model contracts, documents, and policies
  • Advice on subject access procedures, international data transfers, direct marketing, profiling and other issues

We also offer our clients access to a data protection helpline so they can expert advice whenever needed.

What they say about us

“Freeths have provided us with excellent support on our EU GDPR project. They responded to our need for specialist GDPR advice as we prepare to meet the requirements of the new legislation.  Their dedication and support has been much appreciated.”

Valentine Steadman, Corporate and Legal Services Manager
The Royal Society for the Protection of Birds

Charity specific services

Charities face particular data protection challenges. The non-profit sector has been in the media spotlight, seen high-profile enforcement action and is faced with other regulatory measures which overlap with the GPDR (such as the introduction of the Fundraising Preference Service) and the need to move to an opt-in basis for many supporter communications. This has created a perfect storm for charities.

Our data protection team has particular expertise in this area. We have worked closely with UK’s largest conservation charity, the Royal Society for the Protection of Birds, to help manage the legal aspects of their GDPR compliance program. We also hold regular roundtable events for charities across the country, providing legal updates and a forum for discussing data protection developments of direct relevance to the sector. For further information please contact Robert Nieri or Rebecca Howlett.

Seminars and events

Our specialist data protection lawyers are frequent speakers on data protection and the GDPR at trade and industry events and GPR conferences.

We also host our own events and seminars. Click here for details or, to be notified of future events, please email us.


If you would like help getting your organisation GDPR ready, please contact Rebecca Howlett, Partner, on 01865 781219 or by email at