Data Protection & GDPR Compliance in the EU | Piranha Solutions

Start Your Project with Piranha Today: Call 01772 888331

EU GDPR – Are You Compliant?

By piranha

26th October 2017

25th May 2018 sees the EU General Data Protection Regulation (GDPR) come into effect.

Whilst the deadline for conforming to GDPR is effective in under 6 months’ time, there is still some confusion about how the change will influence business operations.

So, let’s take a look at what the changes are and what to do next!

This is intended for use as a rough guide only. Please click here for more information.

What is GDPR?

GDPR is a set of regulations which dictate how data should be handled. These directives supersede all previous laws and legalities on the subject.

Why Change the Regulations?

The new regulations attempt to consider the enormous technological advances since the previous guidelines were implemented (all the way back in 1995!).

How data was handled has also differed depending on the state in question. As of May 2018, all EU member states will be brought into uniformity. This is intended to save money and time when deliberating contentious cases on the international stage.

After 20 years, the ways in which we store and use data are also almost unrecognisable. It, therefore, makes sense – from an EU perspective – to review laws and regulations and ensure they reflect the world today.

Doesn’t Brexit Change Things?

No. As of 25th May 2018, the UK will still be part of the EU.

It is therefore imperative for UK businesses to conform to this international law. You are still responsible for your company’s conduct and compliance.

Even if the UK does leave the EU by that date, the law still stands for any states which trade with EU countries.

What Data Matters?

All businesses which gather and/or store personal information must conform to GDPR.

Personal information is a term which has sparked debate in the past. Therefore, the EU has published a set of guidelines on what constitutes legal responsibility:

  • Names
  • Photos
  • Addresses
  • Email addresses
  • IP addresses
  • Credit card details
  • The identity of persons (includes physical, psychological, physiological, cultural, social, mental, genetic and economic factors.

Virtually every company in the world holds at least one single piece of information on its staff or customers. You must, therefore, assume that your business will be affected.

Some Key Aspects

Whilst the EU has published a document of guidelines some 200 pages long, there are just a few key points you should consider:

  • Data breach – if your organisation’s security is breached and sensitive information is compromised, you must inform the Information Commissioner’s Office (ICO) within 72 hours of the discovery.
  • Consent – individuals must give their consent before companies can collect and store their information. Companies must also be able to prove those customers have previously consented to their data being stored or used for any purpose.
  • Access – every individual has the right to send a Subject Access Request (SAR) to acquire the data a company has on them. The company must then be able to explain the origin of the information, how it is stored and what it is used for. Electronic copies must also be available in a widely-accessible format.
  • Right to be forgotten – each person has the right to request the deletion of their data.
  • Officers – each company compliant with GDPR must appoint a Data Protection Officer (DPO).
  • Fines for non-compliance – penalties for failure to uphold GDPR standards are considerable. Fines can be up to 4% of the business’s annual turnover (worldwide) or up to €20m.

Whilst this is an overview of the changes, there are many other points raised by the EU’s official documentation. We highly recommend you research the matter well before the deadline next year.


Make sure you understand the legal implications of GDPR for you and your business.

Remember: the final deadline for compliance is 25th May 2018. Don’t get caught out and hit with a hefty fine!


If you’re currently a client of Piranha, you will need to ensure that you are GDPR-compliant.

To do so, you may need to consider related documentation including privacy policies and contact permission forms.

Please contact us for further information.

It is your responsibility to ensure your company’s compliance with GDPR from 25th May 2018. If you’re unsure about any aspect of the process, we recommend seeking professional legal advice prior to that date.

  • share

Have You
Read these?