The EU’s General Data Protection Regulation (GDPR) - Our six top tips

This is the biggest update to data protection law since the current EU Data Protection directive which was established in 1995. Preparing for GDPR will need your full attention and it will take time to implement new processes and procedures across your business. Review the legislation online now.

Many of them will impact your current processes, such as an individuals right to be forgotten and subject access requests. You may need to draw up a plan for responding to such requests as with most cases under GDPR you only have one month to reply.

It is essential that you understand where it is stored, what systems you use and how you use it. Consider whether invasive means of collecting personal data are used and if the data is processed fairly and lawfully. This means informing people about the purpose and use of personal data collected and how your business will process that. At this stage you may want to consider a privacy impact assessment.

If you are storing data that you no longer require (and are not legally obliged to keep) then securely delete it. Disposing of unnecessary data will help reduce risk. But make sure you securely erase it with specialist equipment and software.

Make sure all of your employees and suppliers are aware of any changes to your processes and procedures that may impact them. They will also need time to adjust and prepare.

Visit the Information Commissioners Office (ico) website for up to date information on GDPR, useful guides on what steps you need to take and when.