Getting ready for GDPR by

Getting Ready for GDPR

The EU General Data Protection Regulations (GDPR) will come into force in Northern Ireland on 25th May 2018, and as the biggest shake up in data protection since the Data Protection Act 1998, there are a lot of changes ahead which companies of all sizes will need to adhere to. As the fines for not being GDPR-compliant are significant (up to €20 million, or 4% annual global turnover – whichever is higher), naturally many companies are wondering what they need to do in order to get ready for GDPR and ensure they are operating within the law. Here are a few essential steps to help you work towards compliance.  


 1. Ensure your staff are prepped to deal with questions 

 If a customer asks to know what information is held about them, your staff need to be prepared to answer straight away – and justify why this information is being held. Similarly, if you hold employee information and an employee asks about this, you’ll need to be able to answer. It is highly likely that all your staff will require some level of GDPR training in order to understand the reasons behind it and the consequences of complying.   


 2. Do an information audit  

 Identify what type of data you hold and why. Find out where the data comes from and who you share it with. Take some time to review your current data protection policies, codes of conduct, website messages and sign up permissions regarding privacy of information and opt ins to ensure you are compliant with GDPR principles.  


 3. Review your Service Providers contracts to ensure they are GDPR compliant also 

 This legislation impacts everyone you do business with or who does business with you, so make sure the suppliers you choose to work with are also making provisions for these legislative changes too.  


4. Put in place procedures for deleting personal data  

 If a customer or employee contacts you and asks for the ‘right to be forgotten’, you need to have a process in place which deletes this personal information where it is no longer necessary for you to hold in relation to the purpose for which is was originally collected. Obviously, there will be some legal exemptions in this case where it is not possible to delete certain data.  


5. Protect the data that you have  

 You will have to have systems in place which will detect, report and investigate any data breaches. It is your responsibility to ensure that the data you store about suppliers, employees and customers is held in a safe place.  


 6. How do people consent to receiving information from you?  

 This is especially important for customer engagement and marketing purposes – you will need to seek, obtain and record consent if you wish to engage in future communications.  


This is a complex area of the law, and there is a lot of guidance and information available from UK-based sites which can be confusing for Northern Ireland companies, as the legislative framework in Northern Ireland is very different to the rest of the UK. If in doubt about what you need to do, we would advise that you seek legal advice and follow the steps provided by where can you find more up to date information and resources.  


Harry McPartland & Sons Solicitors in Lurgan and Lisburn are on hand to provide you with advice and legal services on all areas of the law. If you have questions about anything from employment law to licensing to conveyancing questions, give us a call or contact us at