News & Events
Find out more about what Bright Solicitors are up to and keep up-to-date on what is currently happening in the industry.

GDPR Newsletter


GDPR stands for the General Data Protection Regulations. These regulations originate in the EU and will replace the existing Data Protection Act.

• They will come into force on 25th May 2018

• Brexit will have no effect on the GDPR – the Government has committed to ensuring they take effect in the UK.

• Main purpose – giving data subjects (individuals) greater control over their personal data.

• Affects all businesses holding personal data – not just client/prospective client data but also eg employee data.

• Myth number one – it doesn’t affect me I am a small business (it affects all businesses).

• Myth number two – it doesn’t affect me I only sell to other businesses (it affects all personal data held by a business eg if you sell to ABC Ltd you will be dealing with a person there whose personal details – name. address, email etc – you will hold; if you have employees you hold employee data; if you recruit you hold prospective employee data).

• The key requirement is to “demonstrate compliance”. It is no longer enough just to make a decision, you will now need to document what you considered when making the decision (the legal basis for processing); what decision you made, why etc.

• This will affect all processes, procedures and documents that affect or are affected by data processing.

• Documents that might need to be drafted/reviewed include:

o Privacy policy (website) o Fair dealing policy (data protection policy for employees) o Fair dealing policy for prospective employees o Data breach response plan

• Data cleansing should take place before May – i.e. get rid of any data you no longer need, but get rid of it safely to ensure no privacy breaches.

• Marketing databases are a particular concern – opting out of emails/contact is no longer enough, data subjects have to opt in. A double opt in is needed if you are to be safe under the GDPR ie the data subject needs to click on an email/complete a form AND THEN ALSO confirm that instruction by clicking in a link in a follow up email.

• All employees handling data will need training.

• This is an ongoing process that needs to be kept under review – it is not a one time only compliance exercise.

• Sanctions are either 4% of worldwide turnover or 20 million Euros, whichever is the greater.

What is Bright Solicitors doing to help?

• We are providing free of charge a data mapping exercise for clients/prospects to complete. This is a time consuming but necessary first step to ensure the business knows what data it holds, where, why, who has access to it, who it is shared with etc.

• When the data map is returned to us we evaluate where the gaps are and quote to implement the necessary reviews, documents etc

What should businesses do?

• Take it seriously – appoint someone to take the lead on compliance, devote time and resource to it.

• Speak to us (of course) and complete a mapping exercise to start with

The message

• Do not panic but do prepare.