GDPR Compliance

Under the General Data Protection Regulation (“GDPR”), businesses and organisations will have to take a number of steps to achieve compliance.

In order to demonstrate compliance with the GDPR and, perhaps more importantly, to mitigate any enforcement action by the Information Commissioner’s Office, businesses should put in place:

  1. Policies and procedures in respect of their processing of personal data
  2. Regular testing of their systems and procedures
  3. Appropriate training for staff

In a bit more detail, this means the business will need to have in place:

  1. Privacy notices (both internal and external) telling staff and the outside world what the business is doing with their personal data.
  2. A data handling policy which sets out the business's policies and the practices staff must follow when handling personal data. This document will protect the business if a staff member acts beyond their powers and causes a data protection breach.
  3. Processing agreements in any situation when a controller / processor relationship arises. This document is required under the GDPR and will have a list of prescriptive clauses that must be contained within it setting out the responsibilities of the processor to the controller.
  4. A data protection officer (if required under the GDPR).
  5. A process to consider international transfers of personal data to ensure they are lawful by, for example, putting in place standard contractual clauses or another appropriate safeguard.
  6. A process to test their internal reporting pathways so that if, for example, a data subject access request is received at reception, there is a pathway to make sure it is passed to the responsible individual so that it can be dealt with within the required timeframes.
  7. A process to regularly test the security of personal data, including the IT systems and physical security at the business premises.
  8. A training program to ensure staff are aware of their responsibilities and are adequately trained in relation to data protection.



    © 2021 Herrington Carmichael LLP. Registered in England and Wales company number OC322293.
