General Data Protection Regulation (GDPR)


“The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years”

What is GDPR?

The General Data Protection Regulation (GDPR) was brought into force on 25th May 2018 and replaces all previous data protection legislation - including the Data Protection Act 1998.

The legislation applies to any organisation that provides a service or product to citizens within the European Union (EU), regardless of where they are based in the world.



Why was GDPR introduced?

The reason GDPR was introduced is simple: to better protect an individual’s personal data and to encourage businesses to take positive steps towards preventing such data being used for anything other than its intended purpose.

Should there be a loss of data for which you can be blamed, the Information Commissioner’s Office (ICO), which currently manages data protection, has increased powers under GDPR to impose heavier sanctions than it has previously, including substantial fines for the most serious breaches.

Frequently Asked Questions (FAQ)

We have gathered answers to the most popular questions surrounding the General Data Protection Regulation – which can be seen below:

The GDPR was brought into force on 25th May 2018. This replaces all previous data protection legislation - including the Data Protection Act 1998.

The GDPR applies to any organisation that provides a service or product to citizens within the European Union (EU), regardless of where they are based in the world.

The maximum penalty that can be imposed on an organisation for non-compliance with the GDPR is 4% of annual global turnover or €20 million, whichever is higher.

There is a two-tier system currently in place for non-compliance. These tiers are:

  • Up to €10 million or 2% of annual global turnover – whichever figure is higher
    e.g. an organisation has not notified the supervisory authority or the data subject about a breach
  • Up to €20 million or 4% of annual global turnover – whichever figure is higher
    e.g. an organisation does not have consent from an individual to process their personal data

The term “personal data” means any information that can directly or indirectly identify an individual. This includes name and address, identification numbers from passports or driving licences, and online identifiers such as Facebook and Twitter usernames.

Am I GDPR Compliant?

If you are handling data relating to an individual within the EU, you must be compliant with the GDPR.

At Spencers, our in-house HR and Employment Support team can work with you to put policies and procedures in place that ensure continued compliance with your obligations under the General Data Protection Regulation.

For more information on how we can help, please feel free to speak with our in-house team today on 08000 93 00 94 or, if you prefer, use our live chat function located on the bottom right-hand side of your screen or fill out our online enquiry form.

Why Choose Spencers Solicitors?

At Spencers Solicitors we are fearlessly committed to our clients and ensuring that their best interests are central to everything we do. To maintain this focus, we request client feedback at the conclusion of every case we handle. By sharing the responses we receive, you'll find out why clients choose Spencers Solicitors to deal with their legal issues.


Contact Us Today

Our offices are conveniently located near to Chesterfield town centre & fully equipped with onsite meeting facilities, disabled access and free parking.
