COOKIE NOTICE: 3C Consultancy uses cookies to store information on your computer, in order to improve your experience when using our website. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site (using your browser), but parts of the site may not work. To find out more about the cookies we use and how to delete them, Read More.

Call us: 0333 900 3003

Will Your Organisation Get Caught Out by GDPR?


On May 25th, your employees, clients and contractors will have much greater rights than before over the way their personal information is collected and handled by your organisation (or any other organisation in the EU).

And your organisation needs to be ready to respond quickly to the requests they make about their data.

May 25th is when the EU’s General Data Protection Regulation (GDPR) comes into effect. The GDPR strengthens individual rights that were already covered by the Data Protection Act (1988) and adds some new ones. It means individuals will have:

  • The right to be informed about the data processing you carry out. The information you provide must be written in a way that’s easy to understand.
  • The right of access to the personal data your organisation holds about them.
  • The right to have their personal information changed if it is inaccurate or incomplete.
  • The right to have their personal information removed from your records.
  • The right to restrict processing of their personal information.
  • The right to move, copy or transfer personal data easily from one IT environment to another safely and securely.
  • The right to object to the processing of their personal information.
  • Rights in relation to automated decision-making and profiling.

As 3C Consultants’ Managing Director Colin Sales explains in this video, it’s imperative everyone within your organisation understands the changes to the rights of individuals regarding data protection so that they know how and when to respond to those who wish to exercise their rights.

For instance, your organisation will need to respond to subject access requests (SARs) within one month. The deadline can stretch to three months if there are a number of requests, or the request is complex, but you still have let the individual know within one month why the extension is necessary.

Failure to comply with the GDPR could result in very stiff penalties. For example, a serious breach of data protection or non-compliance could incur a hefty fine—4% of the organisation’s annual global turnover or €20 million, whichever is greater. A failure to keep records in order, a failure to report a data security breach, or a failure to conduct impact assessments could result in a fine of up to 2% of an organisation’s annual global turnover.

Few organisations can afford such massive fines or the accompanying negative publicity they may attract. That’s why Colin urges you to make sure everyone within your organisation is up to speed with the GDPR before May 25th.

If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.