Search Our Site

We have 3,280,035 registered online learners.
1,869 new learners so far today.

5 things you should be considering when it comes to GDPR

schedule 8th September 2017 by Roger Moore in Virtual College

Office workers collaborating

As of May next year, businesses in the UK must be compliant with updated laws surrounding data security in the form of the EU’s General Data Protection Regulation (GDPR).

By May 25th 2018, businesses and organisations across the UK must be compliant with the European Union’s (EU) General Data Protection Regulation (GDPR). There’s no shying away from this legislation - businesses must either prepare for it or face damaging fines.

Most significantly, the GDPR will impact the way marketing communications are sent to customers and how they look after any personal data they receive. Should companies fail to adhere to this, they will be fined up to 20 million euros (£17 million) or four per cent of the global annual revenue - whichever is the greater amount.

Here we take a look at five things your business should be considering ahead of the GDPR deadline next year.

1. Data breach protocol

As hackers advance, it becomes increasingly more likely for companies to suffer a data breach. This makes it all the more important for business to have a data breach protocol in place, which will prevent this from happening and support the GDPR compliance.

This sort of protocol isn’t a type that just fixes the breach once it occurs. Instead it should help to plan for a breach while describing the nature and likely consequences of one, along with the proposed measures of mitigating its possible effects. This way, organisations will be able to identify the data that was taken, and where the breach occurred.

2. Privacy policy

Businesses and organisations should ensure that their privacy policy is up to date, especially in anticipation of the new legislation coming into place. The GDPR is also likely to change regularly, which is why it is important for corporations to keep an eye on this and alter their privacy policies accordingly.

Instead of waiting for the GDPR to directly impact their company (this could very well be in the form of heavy fines if they fail to comply), employers should adopt a proactive stance by reassessing their current business strategy.

3. Personal data

Companies must consider what personal data they are storing, as the GDPR will cover this. As of May, personal data will include names, addresses, telephone numbers, account numbers, email addresses and IP addresses. According to Corporate Compliance Insights, Personally identifiable information (PII) data can be client data or employee data and can be stored in disparate repositories.

To ensure that their business is compliant with the regulation, employers will need to gain a good understanding of what data they hold, why they have it, what they intend to do with it and how they are keeping it and how they discard it.

4. PII data

Companies must establish and clarify the whereabouts of each type of data - including PII data - and the parameters for handling it. No matter where the data is stored, it should only be where corporate policy dictates.

Relevant training must be provided to employees that are aware of, or whose job responsibilities involve working with PII, so that they understand that they cannot share it indiscriminately.

5. Policy components

A data privacy policy will be core to any business following the GDPR but many companies may be unsure of what exactly to include in their policy. Businesses should ensure their information practices are explained in layman's terms to avoid any confusion.

They should also highlight an individual's right to opt out of sharing their PII for internal use or use by third-party companies. The firm’s stance on data security should also be included here.

Corporate Compliance Insights

Related resources

Roger Moore - Virtual College

Author: Roger Moore

Roger graduated in economics from Warwick University and first had a career in teaching, progressing to head of business studies in a large comprehensive school. His long and varied marketing career included working for the world’s largest PR agency. He enjoys reading, swimming, country walking and watching and participating in racquet sports.

ISO 9001:2015
Crown Commercial Service Supplier


+44 (0)1943 605 976

Marsel House


West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.


We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.


You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.