• Technology
  • June 17, 2020

Missed the GDPR Deadline of 25 May 2018? Don’t Panic There is a Cure for Your GDPR Hangover!

If your company is still navigating its way through the EU General Data Protection Regulation, (despite the compliance deadline having come and gone) there are 5 immediate steps you can take RIGHT NOW to become GDPR compliant as soon as possible and get rid of your GDPR hangover!


An absolutely essential part of being GDPR compliant is having the right documents in place that show the ICO that you have taken the necessary steps to become GDPR compliant should an investigation or audit ever take place.

The right GDPR documents should typically include:

Data Protection Policy (internal document) 
Data Retention Policy (internal document) 
IT Security Policy (internal document) 
Data Privacy Policy (to be issued to your data subjects, typically appearing on your website) 
Terms of Website Use (available on your website) 
Employees Privacy Notice (to be issued to employees) 
Updates to employees’ contracts of employment 
Data Processing Agreement (or amendments to existing contracts) where either your organisation or a third-party organisation providing their services to you may be classified as a Data Processor 
Amendments to Data Controller agreements where typically both parties to a contract may share personal data
Data Protection Impact Assessments, where necessary 
Correct language for obtaining consent 
Communicating changes to your Privacy Policy to your data subjects, such as customers. 
You may also need to have other documents and/or statements, depending on the nature of your particular business so it’s best to seek expert advice too so you can get it right for YOUR business. It is also very important to remember that compliance with all of your established policies and procedures is as important as having them in place and you will need to train your staff accordingly.


GDPR is an important piece of legislation and as you may know the breach of its provisions may cost up to 20 million Euro or up to 4% of a company’s worldwide turnover (whichever is the greater) not to mention potential negative publicity and damage to reputation so it is important to get it right and make sure that senior staff with an overview of the whole business are involved and that the right amount of time and resources are allocated.

3.  ASSESS HOW YOUR ORGANISATION USES PERSONAL DATA Personal data is information that allows identifying an individual directly or indirectly, including their name, contact details, ID number, IP address, photographs and similar. It is important to take an assessment of what exact types of personal data are processed within your organisation and how they are collected, shared, stored, disclosed and are otherwise processed by your company.   

You will also need to note reasons and the lawful basis for the processing of each of the categories of personal data by data subject so for example for your customers, employees, sub-contractors, suppliers, contractors, business contacts and any other type of data subject that is applicable to your business. You might find it useful to create a spreadsheet and even flowchart diagrams as a starting point and you will need all this information for your Data Protection Policy and other GDPR related documents.


One of the GDPR principles is to not keep personal data for longer than necessary so you will need to establish how long you will keep different categories of data for and when you will need to dispose of it securely. Retention periods will vary by organisation.


You must ensure that you have appropriate security measures in place in order to protect personal data, taking into account the resources of your organisation, as well as the nature of personal data itself and the potential harm that a security breach might cause. This is relevant to both paper and electronic documents with both physical and IT security measures being important. A security breach will need to be reported to the Information Commissioner’s Office (ICO) within 72 hours of its occurrence and there must be procedures in place within your organisation to make sure this happens on time, especially when third parties are involved. 

It may all seem quite daunting but it is more important than ever to tackle your GDPR compliance. Now is the time for ACTION and remember LawBite is here to help!

To consult with the Lawbrief lawyer Alla, please submit an enquiry for a free 15-minute consultation or call the dedicated GDPR Hotline 0845 241 1843. To find out more please click here.

 Journey further… 
How LawBite works LawBite GDPR Rescue Package

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • May 01, 2022
What are Articles of Association?

Setting up a limited company is one of the most common routes entrepreneurs take when they start their business. If you have decided to take this r...

blog image
  • By LawBite Team
  • May 01, 2022
Do I need a privacy policy on my website?

The short answer is yes, all businesses that process personal data must have a detailed privacy policy. In most cases, a privacy policy will sit on...

blog image
  • By LawBite Team
  • April 13, 2022
Understanding Conflict of Interest (COI)

One thing our lawyers consistently emphasise to our clients is the importance of having well-considered and expertly drafted documentation, for exa...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free