Author Ben Leonard

With less than 10 months to go until the General Data Protection Regulation (GDPR) is launched, many businesses are facing an impossible race to get themselves ready for the launch of the new EU directive.  

What is the GDPR?

The GDPR, or the General Data Protection Regulation, is an EU directive that comes into effect on the 25th of May 2018. It is intended to replace the current directive, the Data Protection Regulation, which has been in place since 1995.

The GDPR is designed to give consumers more control over the information that businesses collect about them. Consumers will have a better knowledge about what data companies have about them, and how it is used.  

Under the GDPR, all consumers have the Right To Be Forgotten. This means that, at a consumers request, all data held about them must be completely removed from the systems. This is especially true if consumers feel that the data that was collected about them was unlawfully collected in the first place.  

While businesses are not required to give their consumers online access to this data, they are required by the GDPR to facilitate access to the data, as well as make it easy to remove.

The other large change is the way that data breaches are reported. Currently, in the UK, there is no time limit for reporting data breaches. This has led the way for companies like Sports Direct to try and cover up any data breaches.  


With the General Data Protection Regulation, however, all data breaches have to be reported to the Information Commissioner’s Office (ICO) within 72 hours of the breach or else face a penalty.

The GDPR fine is incredibly hefty too. Businesses that are found to not be GDPR compliant will face a fine of up to 4% of annual turnover or 20 million euros, whichever is higher.

What do businesses need to do?

A lot of businesses are now scrambling to make sure that they are GDPR compliant. In last month’s Leap 100 poll, only 12 percent of businesses surveyed were “not concerned at all” about the General Data Protection Regulation.  

However, a lot of SME business owners do not yet fully understand what impact the GDPR could have on them. Aldermore’s latest study revealed that only 9 percent of UK SME owners actually fully understand what the GDPR means for their business, or have taken appropriate steps to prepare for it.

This is obviously not good for them, as a single GDPR fine could cause their businesses to close.

Instead, these businesses need to get a clear view of the data that they are collecting. If they are not centralising it all in a data warehouse, it’s time for a clear review of the data process in general. What data is being collected, where it is stored, why it is held and how long for are all questions that need to be asked.

What is evident, however, is that those who specialise in General Data Protection Regulation systems are going to be in high demand over the coming months.