How to get your business ready for new data protection rules

Wed 10th Aug 2016

Blog updated April 2018.

Kirsty Davey gives her top tips to get your business ready for the new General Data Protection Regulation (GDPR), coming into force on 25th May 2018.

1. Review how you hold data now

A good starting point is reviewing how you currently hold and manage data. This could be personal information on customers, clients or other contacts. Do you understand how this data is held, who can access it and whether or not it is shared with other companies? Understanding how you currently manage data will be vital to ensuring you make the necessary changes to comply with the new regulation. Build in regular reviews and delete old and unnecessary data.

2. Understand the difference between opting in and opting out

Under the GDPR, people will generally need to ‘opt in’ rather than ‘opt out’ of receiving information from you or third parties. At the moment, for example, some businesses invite customers to tick a box (opt out) if they do not want to receive further information and some online forms include pre-ticked boxes, which need to be unticked. This will no longer be possible when the new regulation comes into force. Now is a good time to start looking at how people currently sign up to receive information from your business and incorporate a positive ‘opt in’ procedure.

3. Set up processes for managing data breaches

The new regulation sets out stricter terms for how a business needs to respond when sensitive or confidential data is accessed by an unauthorised person – accidentally or otherwise. Under the GDPR, businesses must report any data breaches to the Government body responsible for data protection (the ICO) as well as to the individual affected. It will be far easier to manage any breaches if systems are in place to identify when these occur.

4. Work out how to handle data access requests

A key element of the new regulation is that individuals should have the right to access their own data, for free and within a shorter timescale than is currently permitted. It will also allow people to exercise more rights around their data, including an expansion on the right of an individual to be forgotten. Businesses should therefore review how they currently manage any data access requests and consider how they can handle them more quickly and efficiently in the future.

5. Get your teams on board

The success of any business in meeting the new requirements will depend on people across the business understanding the changes. Your business may be under a requirement to appoint a data protection officer and so it is best to look at this sooner rather than later. Although the exact form of the national law is not yet known, it would be wise to start awareness raising as soon as possible. Consider who the key people are – particularly at a senior level – who will need to have an understanding of the GDPR and work out what information they need. You can then put a training and communications plan in place.

For any help or advice around the new GDPR, please contact Kirsty Davey in the Corporate and Commercial team at Coodes Solicitors on 01326 214034. You can also download our GDPR pdf for businesses.

Kirsty Davey

Head of Corporate & Commercial
