Laura Gillespie, litigation and regulatory partner at Pinsent Masons, said: ‘GDPR has no transition or implementation phase and as such will be effective from Day 1, 25th May 2018. That means businesses have just over a year to prepare for the biggest shake-up to Data Protection law in recent history.’ Ms Gillespie also warned that the cost of getting it wrong was severe. ‘Under the current regime, the Information Commissioners Office (ICO) has power to issue fines of up to £500,000 whereas under the new framework, the ICO will have the power to impose fines of up to € 20 million or 4 per cent of global turnover, whichever is higher.’

What to do to get ready

Law firms have been advised that in order to be ready for the new legislation their clients should conduct a privacy impact assessment, review policies, systems and procedures to assess what action should be taken, start/retain audit trail of DP compliance measures, ensure an incident response plan in place should an incident occur and have a regular system of review and updating.