BLB Solicitors
  • +01225 755656
  • enquiries@blbsolicitors.co.uk


Company and Commercial
Oct 10th, 2023


GDPR five years on: where are we?


GDPR compliance

It’s hard to believe that it’s been more than five years since we were all hurriedly putting in place the policies and procedures necessary to ensure GDPR compliance. Stories of huge fines terrified us as we pictured a slavering Information Commissioner straining at the leash.

What is GDPR?

The General Data Protection Regulation (GDPR) is the EU’s data privacy and security law – in their own words, “the toughest privacy and security law in the world.”

UK GDPR

The EU GDPR ceased to affect the UK when the Brexit transition period ended at midnight on 31 December 2020. However, the UK had already enacted the General Data Protection Regulation (DPA), which came into effect on 1 January 2021. And the catchily-titled Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (DPPEC) amended the DPA, merging it with the requirements of the EU GDPR. Thus, we have a UK-specific data protection regime referred to as the ‘UK GDPR’.

Covid 19

An early and unexpected GDPR challenge arrived with lockdown as we struggled to work remotely from home. Check out:

  • Home working and data protection
  • Ensuring video conferencing is GDPR compliant

Where are we now?

It’s crucial to remember that GDPR compliance is not a one-off box-ticking exercise. Organisations failing to grasp this risk substantial fines. Earlier this year, the UK Information Commissioner’s Office (ICO) fined TikTok £12.7 million for several breaches of UK GDPR, including the unlawful use of children’s personal data. And in the EU, Meta, owner of WhatsApp, Facebook, and Instagram, faced a record fine of €1.2 billion from the Irish data protection regulator.

Of course, these are the headline grabbers, but the ICO’s fines can have a crippling effect on any organisation. Fines are discretionary, with a maximum level of:

  • £17.5 million or 4% of annual global turnover – whichever is higher – for infringing any data protection principles or rights of individuals.
  • £8.7 million or 2% of annual global turnover – whichever is greater – for infringement of any other provisions.

GDPR policies and procedures must remain under regular review and evolve with your organisation to remain compliant. Take particular care if there are changes to the type of personal data collected and/or how data is used.

If your business merges with or acquires another, creating a group structure, you must consider intra-group transfers of personal data. That includes whether you need a group data-sharing agreement and mechanisms to ensure the legitimacy of any international transfers of personal data.

Common issues requiring attention

Among the common issues requiring attention are:

  • References to the EU GDPR as opposed to the UK GDPR.
  • Data processing agreements covering international transfers of personal data referring to transfers outside of the EU/EEA instead of the UK.
  • Data processing agreements still referring to the 2010 EU standard contractual clauses for safeguarding personal data transferred outside of the UK to countries without an adequacy decision.
  • The content of privacy notices.
  • Has your organisation implemented compliant policies and procedures to manage the processing of all personal data?
  • Have any compliance obligations and responsibilities changed?
  • Ensure that all supporting information and justification is documented correctly and remains valid.
  • Ensure employees are carrying out activities in accordance with policies and procedures.

Does your organisation transfer personal data out of the UK?

This is more common than you may think, and if you do, you must assess whether your organisation can transfer personal data from the UK to a country without an adequacy decision, eg the US or India. The Schrems II judgment in 2020 means there is a greater focus on ensuring the protection of personal data in the hands of an overseas recipient than one in the UK.

Authorised & Regulated by Solicitors Regulation Authority (No. 636644)