General Data Protection Regulation (GDPR)


The General Data Protection Regulation will apply from 25 May 2018. If you are currently subject to the UK Data Protection Act 1998, you will be required to comply with the new legislation from that date.

It applies to the management and protection of personal data, and it goes further than the 1998 Act in covering both manual and automated collation of personal information.

Though the requirements are broadly similar to those set out in the 1998 Act, there are some differences, including a new requirement to be able to ‘demonstrate compliance’ (the accountability principle, Article 5(2)).

In processing personal data, there is a greater obligation on a company to ascertain and document its legal basis for doing so. The six lawful bases for processing set out in Article 6(1) of the GDPR are:

  • 6(1)(a): Consent of the data subject, which must be freely given, specific, informed and an unambiguous indication of their wishes.
  • 6(1)(b): Processing is necessary for the performance of a contract with the data subject, or to take steps at the data subject’s request prior to entering into a contract.
  • 6(1)(c): Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • 6(1)(d): Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • 6(1)(f): Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.


The GDPR also sets out the rights of individuals, including:

  1. The right to be informed.
  2. The right of access.
  3. The right to rectification.
  4. The right to erasure.
  5. The right to restrict processing.
  6. The right to data portability.
  7. The right to object.
  8. Rights in relation to automated decision making and profiling.


The purpose of this overview is not to provide a comprehensive compliance checklist, but to give a brief snapshot of some of the legislation’s key points. Please refer to the legislation directly to ensure that you meet the new obligations. Alternatively, we have access to many talented and informed IT Security professionals, such as Information Governance Managers, Cyber Security Managers, Incident Managers, IT Project Managers, Penetration Testers and many more, who can help ensure that your firm meets its new obligations.
