GDPR Explained

How it impacts on your business

GDPR Explained – How it impacts on your business

Is your business ready for GDPR?

In May 2018, new General Data Protection Regulations are coming into force that will change the way businesses have to look after personal data.

These regulations impact on every business that processes the personal data of EU citizens, and the UK government has confirmed we’ll be using the same guidelines after Brexit. Fail to comply with the new legislation, or suffer a breach that leads to the theft of personal data, and your business could face heavy fines and serious reputational damage.

With the introduction of GDPR looming, we take a look at the new regulations, examining what they are, whether they impact on your business, and what you need to do to stay compliant.

What is GDPR?

The General Data Protection Regulations (GDPR) is a new set of rules that will replace the current Data Protection Act.

With cybercrime on the rise, and more personal data being collected and used than ever before, it’s designed to help protect individuals and give them greater control over how this personal data is used by organisations.

It introduces 8 new rights for individuals:

  1. The right to be informed – knowing who has their data, what they are using it for, and why they are keeping it
  2. The right of access – like the current subject access request
  3. The right to rectification – the right to correct the records a business holds
  4. The right to erasure – the right to ask for data to be removed
  5. The right to restrict processing – stopping businesses from processing their data
  6. The right to data portability – data needs to be able to be exported in a format that can be universally read (csv)
  7. The right to object – the right to object to companies using data for purposes including direct marketing and processing for statistical purposes
  8. The right not to be subject to automated decision-making (including profiling)

What are the responsibilities for businesses?

The regulations set out the requirements for businesses in terms of how they collect, process, store and use personal data:

  • Data can only be collected for specified, legitimate purposes
  • Data cannot be kept longer than necessary for processing
  • Data must be processed in a secure manner
  • Businesses must process data in a transparent, fair and lawful manner
  • Data collected should be limited to that which is relevant processing

Ultimately, it is about treating personal data with care, using it only for the purposes it was intended for, and taking all the steps possible to protect the data from falling into the wrong hands. Businesses will need to create and implement an effective GDPR plan, and be able to demonstrate they are adhering to the new regulations.

Additional information about responsibilities relating to GDPR, what your business needs to do and implementing an effective GDPR strategy can be found on the dedicated website -

Who does GDPR apply to?

GDPR applies to any business that collects or processes the personal data of EU citizens – this includes both employees and customers. After Brexit, the government has already agreed that the UK’s new data protection rules will be GDPR compliant.

GDPR also applies to data you already have, and not just the new data you collect. Simply put, if you collect or hold personal data in any form – it applies to your business!

What are the penalties for non-compliance?

GDPR places heavy responsibilities on employers, and failure to comply with the new legislation could lead to heavy fines of up to 4% of global turnover, or a flat fine of up to €20M – whichever is the higher.

However, these are worst case scenarios, and companies should not be unduly worried – as long as they take their responsibilities seriously.

Data Compliance at Prestige

At Prestige, we take data protection seriously, and have already begun to implement a robust GDPR plan.

Whether you are a candidate or a client, we will look after your data, keeping it safe and using it only in the manner you want us to. For additional information about our GDPR plan or how we use your data, please get in touch with your local office today.


Posted: Mon 05 Feb 2018
  • Group Head Office
  • Prestige House
  • 12 Bowlalley Lane
  • Hull
  • East Yorkshire
  • HU1 1XR
  • T: 01482 212581
  • F: 01482 212 880
  • Leeds Branch
  • 64 Wellington Street
  • Leeds
  • LS1 2EE
  • T: 0113 2436279
  • T: 0113 2458604
  • Dereham Branch
  • 15 Aldiss Court
  • Dereham
  • Norfolk
  • East Anglia
  • NR19 1TS
  • T: 01362 293120
  • F: 01362 690876
  • 7 Northumberland Street
  • Huddersfield
  • HD1 1RL
  • T: 01484 905199
  • Specialists in:
  • Ex-offender Employment Experts
  • The Quadrant
  • Nuart Road
  • Beeston
  • Nottingham
  • NG9 2NH
  • T: 0115 7043391
  • Specialists in:
  • Providing staff to the criminal justice sector

Prestige Recruitment LTD. Registered in England No: 04098721.

Our People Are Your People   Instagram Icon

Web design Hull by Eyeweb