New law: Organisations preparing for major new data protection law in 2018

Organisations should be identifying and preparing to implement necessary changes now, ahead of the new General Data Protection Regulation (GDPR), due in force in May 2018.

Legal Alert

This update was published in Legal Alert - May 2017

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.

The GDPR is an EU Regulation that strengthens and unifies data protection for individuals within the EU and regulates the export of personal data outside the EU. Its aim is to give citizens control over their personal data and simplify the regulatory environment for international business. It will replace the UK's current data protection laws. As it is an EU Regulation, the GDPR has direct effect, so there is no need for enabling UK law.

The proposed introduction date is 25 May 2018, so the GDPR will come into force while the UK is still a member of the EU.

Much of the new law will be the same as existing UK data protection law, but there are important differences. Businesses should be considering necessary changes now and taking preliminary preparatory steps. These include reviewing:

  • The personal data your organisation processes now, why you are processing it, where it is kept, and who is authorised to access it
  • Whether to delete any personal data you should no longer be holding
  • Policies, codes of conduct and procedures to ensure they comply with the new rules. Ensure the new obligations on data processors are covered
  • Agreements with suppliers (and any standard precedents you use)
  • Information notices (the GDPR requires organisations to provide individuals with information about their personal data)
  • Insurance – does your organisation need data protection cover?
  • Whether you already have a data protection officer (required under the GDPR), or need to appoint one


    Operative date

    • May 2018


    • Organisations should be identifying and preparing to implement necessary changes now as a result of the new General Data Protection Regulation, due in May 2018

    Disclaimer: This article from Atom Content Marketing is for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.