Last updated: 19.02.18

GDPR and Beyond: Compliance in 2018 – All the Incoming Laws and Legislation that You Need to Know

Compliance certainly isn’t something that businesses enjoy thinking about and planning for, but it is nonetheless an important part of good trading. And of course, it’s always better to know in advance what you’re going to be up against as things change. With that in mind, we’ve brought together a run-down of some of the most important regulatory changes that are happening in the UK as we move through 2018. Some of them are industry specific, but there are a couple of big ones that could hit most businesses.

If you need help with common issues, then you should consider compliance training in the relevant requirements. Virtual College offers a number of courses covering compliance considerations such as data protection, and you can find out more about our compliance courses here.


GDPR is unequivocally the biggest compliance headache of 2018, and indeed the biggest change for businesses in this regard for many years. It affects most businesses across the EU, and also any businesses based outside the EU that in any way interact with EU citizens. In short, it is designed to give EU citizens more control over how their data is used. This is a very broad remit that, for instance, will cover every single business that trades online. You can read about GDPR in more detail on our dedicated GDPR page here. However, to give you an idea of some of the things that it requires: you will now need to ensure you have legal grounds to collect information from or about someone (usually their explicit permission); they will be able to request details of whatever information you do hold about them; and in certain cases they will legally be able to request that you delete this information. GDPR is fully implemented on 25th May 2018, and businesses will be required to comply immediately. Fines and other penalties are proposed to be very harsh, and it is likely that the EU will make an example of some businesses early on.


The Markets in Financial Instruments Directive is another EU regulation, but one that pertains specifically to the finance industry. It was introduced ten years ago with the intention of harmonizing the financial services industry across the EU in respect of security, accountability and transparency. MiFID II is an addition to this which adds a vast number of additional requirements designed to make the financial services industry safer and more efficient still. There are many new reporting requirements, as well as restrictions on high frequency trading, which will have major impacts for financial businesses, and many haven’t quite got to grips with them yet.

Senior Managers Regime

This is another financial issue, and one which has been ongoing for a couple of years now. The Senior Managers Regime did actually come into force in 2016, but was only applicable to larger businesses. The FCA (Financial Conduct Authority) has it in its timetable to roll it out to all relevant businesses in 2018, however, so some attention must be given if you think this might apply to you at some point. The SMR is a fairly straightforward bit of compliance, and is designed to ensure that senior staff at banks, building societies, credit unions, large insurers and investment banks are fully accountable. It involves getting approval from the FCA for certain appointments, as well as fully documenting the roles, responsibilities and relationships of senior members of staff.

Gender Pay Gap

The gender pay gap has been a particularly hot topic throughout the last couple of years, and the Government decided that all businesses with 250 or more employees at the start of the 2017/2018 financial year would have to report on the gender pay gap within their company. The deadline for this is the 30th of March 2018, and there are a number of details that you’re required to give. Naturally, with many businesses focusing on their tax returns at this time of year, this information has not been sent by HR to the government in a lot of cases. The information is fortunately not overly in-depth, and it is straightforward to submit online. It’s worth noting that the information must be available for another three years, and should be published on the company website too.


Most of the Government and Civil Service’s bandwidth has been focused on Brexit over the last year, which means that there are comparatively few incoming regulations for most industries outside finance, bar the big GDPR upheaval. This is generally good news for most businesses small and large, but it goes without saying that Brexit itself is going to be throwing up quite a few regulatory challenges for a lot of sectors, and 2018 is very likely to be the year in which some of these become clearer. One consideration that will certainly need some attention this coming year applies if you have employees from the EU: you’ll need to watch out for the new visa registration system going live online, which is purported to be later this year. It should be straightforward and accept applications by default, but it’s worth monitoring developments regardless.
