Last updated: 21.12.17

Workplace Compliance in 2018

Compliance is certainly not something that businesses enjoy thinking about. It can take a huge amount of effort simply to make sure that all employees and processes are compliant with whatever regulations pertain to your industry. But when new compliance regulations are coming into effect, it can be even more of a headache. Of course, this can be alleviated by proper planning in advance. After all, if you know what’s coming, you can make sure you’re compliant well before the deadline, and there’s less stress involved. With this in mind, we’re going to take a look at three of the major compliance requirements coming into effect in 2018. They won’t all pertain to all industries, but they will have impacts for millions of workers and businesses.


The first regulation incoming that we’re going to talk about is the biggest one of them all. This one has the potential to hit most businesses, and if you haven’t already got your head around it, then it’s critical that you understand what it means as soon as possible. We are of course talking about GDPR.

The General Data Protection Regulation comes courtesy of the EU, and your business must be compliant by the 25th May 2018. If it isn’t, the fines can be very large indeed, running into the millions in some cases, and it’s not difficult to be noncompliant.

GDPR essentially gives EU citizens much greater control over their personal data, and how that data is used by businesses and organisations that collect it. In short, this means that citizens are able to request details of the information you hold about them, they can ask for it to be changed, and they can request that it be deleted. In addition, you now must have a legal justification for collecting data, which is likely to require documented consent.

In practice, this means that millions of people will need to receive some form of basic training in how GDPR affects them. Virtual College does offer a free GDPR overview, which can be found in our compliance section.


Finance is the sector that’s going to see the biggest changes in 2018. In addition to GDPR, it will also need to contend with MiFID II, which promises to be a big shake-up, and hits right away on the 3rd of January.

Firstly, some background. For those that are not familiar, the Markets in Financial Instruments Directive is another piece of EU legislation, which regulates any firm that provides services relating to financial instruments such as shares, bonds and derivatives. It was implemented in reaction to the 2008 financial crash. MiFID II is essentially a reboot of the original legislation with a host of additional regulations that financial organisations must be aware of.

These new changes are extremely widespread, and will now regulate almost every aspect of derivatives trading to an incredible degree. One of the headline changes is that financial advisors who recommend one of the covered financial instruments to a client must record that conversation and store it for up to seven years. This is a change that not all businesses are prepared for, and there will be major pressure in particular on IT departments, who are responsible for controlling this information.

Combine this with GDPR and you can see how significant MiFID II could be for the financial industry.

Senior Managers Regime

Senior Managers Regime (SMR) is another piece of legislation that was implemented after 2008’s financial crash. This one was put forward by the UK’s Financial Conduct Authority (FCA), and was implemented in 2016.

The aim of this legislation was to make sure that all of the UK’s major financial organisations had clear accountability in place for senior members of staff. This includes making sure that their responsibilities are clearly outlined, including how their responsibilities interact with one another, and also means that senior staff must go through due diligence before being hired.

So where does 2018 come into this? While 2016 was the compliance deadline for major organisations, the FCA has said that in 2018, all firms that it regulates must become compliant. The Financial Times estimates that this could mean 47,000 businesses are affected, which in turn will mean thousands of managers need to understand the changes.
