General Data Protection Regulation

The General Data Protection Regulation (GDPR) is due to come into force in the UK on Friday 25 May 2018. If an organisation is found to be in breach of the GDPR after this date, it could face a fine of up to 4% of its annual turnover, or €20m (£17.8m), whichever is greater.

Organisations need to review their data processes to ensure that they comply with the requirements of the GDPR. Whether you are unsure about where to start with your GDPR preparation, or are further down the line with your compliance efforts, our latest podcast can help. It highlights new and updated resources on XpertHR, such as How to start preparing for the GDPR, which covers the basics, and our model Employee privacy notice, to help you comply with your notification obligations.

Listen to ...

... our on-demand webinar on data retention under the GDPR. In this webinar, Jo Broadbent and Stefan Martin from global law firm Hogan Lovells discuss strategies to help employers put in place data retention policies and procedures that comply with the GDPR.

Below we list our new GDPR-compliant model policies and documents as well as our other GDPR resources.

Policies and documents (compliant with the GDPR)

Other GDPR resources

Getting started

The legal grounds for processing data

Processing activities

Third-party processing

Data retention and erasure

Subject access requests

Special categories of personal data