GDPR - General Data Protection Regulation (EU and UK 2018)


Involved In Discussions
The EU General Data Protection Regulation (GDPR)

All kicking off 2018

How many UK and EU Quality staff are getting involved at company level? Have you nominated a DPO (Data Protection Officer/person)? Difficult for small companies?

Any thoughts?

Any good training companies in the UK?

Any recommendations?

Many thanks



Trusted Information Resource
We're a small company so I get involved in most things. If you are in medical devices the new ISO standard makes reference to data protection, therefore quality people in the MD world are likely to be pulled in.

We already have a DPO; we haven't been on any training.

I'm curious about our obligations to inform data subjects when we obtain their data through sources other than themselves... does anyone have any insight on this?


Involved In Discussions

Yes, I am just reading the implications.

What annoys me is that the UK has always had time scales to hold data, say 3, 4, 7, 40 and 100 years and so on for accident, HR etc.

So if an individual wants to claim, under the new regulation a company may have deleted their information, therefore there will be no defence,

leaving the company wide open to the claim as it cannot say yes, no or indifferent.

There is nothing joined up about the GDPR and the EU are NUTS...

Yet another Regulation that the rest of Europe will probably ignore!


Involved In Discussions

We have been looking at the GDPR for a little time now.

For training there are many organisations out there but two providers worth looking at would be IT Governance and PDP training. I have experience or have been told by trusted colleagues that these guys are very good.

The impact on your organisation will depend very much on what your business is and who your customer and contact base is.

If you are B2B manufacturing, it is likely that the only impact you will have will be your employee data, however if you are B2C or do any form of direct marketing / website sales or similar then there will be implications.

As Trebor123 said, one of the biggest hurdles will be the right to be forgotten and justifying data retention times when there is no statutory requirement to hold data, as the time limits for holding data are set at 5 years when the Limitation Act sets 6, 12 or even 15 years for bringing claims against a company, and that is before you look at some of the timelines for H & S health monitoring claims.

It is going to be fun over the next few years whilst we get to grips with the requirements and implementation of systems and technology to cope with the changes in the requirements.


Involved In Discussions

Many thanks

Yes, agree!!

Maybe time to retire!! lol, we wish...

If you have any contacts or other good sites etc., please drop me a PM.

I am doing an excellent free online course at the moment run by Groningen University. As you would expect the English is very European but it is generally understandable. Also since our government is pretty well translating the GDPR regs straight into UK legislation wholesale to prevent problems with not being on approved data lists after Brexit, there are no significant gaps.

I can't add a link as this is my first post, but it is via FutureLearn and Groningen University, and the name of the course is Understanding the General Data Protection Regulation.

I hope this helps someone.


Involved In Discussions
Sorry for the delay in responding - I didn't see the response asking for guidance or support.
Bearing in mind this is UK centric, the Information Commissioner's Office (ICO) has some great guidance documents and checklists that would generally be suitable for all.

The other source that I go to is YouTube - especially anything from IT Governance. Search for GDPR and there will be loads of free stuff available there.

A few things to watch out for specifically:

There are a lot of people trying to make a lot of money from GDPR so beware that you don't get ripped off and get poor information. Anyone focussing on the doom and gloom of the fines I would be especially aware of.

Article 30 - record of all processing activities

Direct marketing - this also includes elements of the Privacy and Electronic Communications Regulations (again there is some really useful stuff on the ICO website)

Home | ICO is the home website for the ICO