2 March 2018 by Vincent Billings

General Data Protection Regulation (GDPR) – Main Issues for Businesses

Since my previous article on the GDPR in January, we have been advising many of our clients on the regulation and I thought it would be useful to share with you some of the common themes and offer some general advice.


Databases can be a key asset for many businesses and are used to send out marketing communications. One of the key concepts of the GDPR is to rebalance the rights of individuals to control their data against allowing businesses to control a person’s data as they see fit. A database of personal information will therefore need to be looked at carefully.

Whether a person has previously given positive consent to be contacted can be critical. If the person has not given positive consent under your current model say by having opt-outs or pre-ticked boxes you will need to look into changing the model.

It is important to keep a record of how and when an individual has given consent and to note that consent may be withdrawn at any time.


Contracts including your terms of business should be very clear regarding data protection so that there can be no misunderstandings between the parties. This is especially relevant when the contract is a business to business arrangement. Any breach of the GDPR can then be apportioned in accordance with it.

Privacy policies and notices

Privacy policies and notices on websites are also key to ensuring that you are communicating your position on data protection to users of your website and the rights that they have when they engage with you.

In some circumstances you may also need consent forms to process data which again set out the reasons for processing data and how the data will be used.

Data protection officer

Appointing a data protection officer or someone responsible for dealing with data protection compliance is also another key area to ensure that you organisation is dealing with data protection responsibly.

The above is not an exhaustive list but some of the issues we are being asked about by our clients. There are of course many more areas within the GDPR that businesses need to be aware of and take appropriate action.

How will the GDPR specifically impact your business?

If you want to know how the GDPR might specifically impact upon your business then click the link below to take our free, short and simple questionnaire.

Once completed you will receive an immediate score indicating how at risk your business might be. If you provide us with your contact details one of our lawyers will then contact you direct and provide some pointers as to what practical steps you should be taking to minimise the risk of non-compliance.

Alternatively you can contact our Corporate and Commercial Team to discuss how the GDPR will impact your organisation on 020 7288 4700.

16 February 2018 by

Cohabiting couples, do you know your rights?

Research published by Direct Line this week suggests 38% of unmarried couples are not sure of what they would be […]

23 February 2018 by Leah Veasey

Don’t get shackled with a flat with less than 80 years left on its lease and pay Marriage Value

You’ve purchased a flat, you’re a home-owner, hurrah! But how long is left on your lease? 125 years? 99 years? […]

Signup To Our Weekly e-News

"*" indicates required fields

We’ll never share your details with any third party in line with our privacy policy.