Businesses need to check their GDPR compliance one year on, warns Hethertons Solicitors

Nearly one year on from the introduction of the General Data Protection Regulations (GDPR) York and Boroughbridge-based solicitors Hethertons fear that many businesses may still not be compliant.

The GDPR came into effect on 25 May 2018 and has required businesses to adhere to a strict set of rules when collecting and processing personal data.

Despite many businesses scrambling to get preparations in place before the deadline last year, David Scott, a Senior Associate and expert in the GDPR at Hethertons Solicitors points to recent research that shows over a third of SMEs still do not know who GDPR affects, while a further one in ten small businesses do not think that individuals have any new rights following its introduction.

He is warning that after 12 months of a soft-touch approach by the Information Commissioners Office (ICO), which is responsible for the enforcement of the rules in the UK, the regulator may now begin to increase its scrutiny of businesses and organisations.

“When the ICO announced the introduction of the GDPR they made it clear that in the initial year they would give businesses the time they needed to get to grips with the new data protection regime,” said David.

“However, that year is now nearly up and there are some shocking facts and figures out there, which suggest that many small businesses are not compliant, even if they may have previously taken action in 2018.”

So far, the ICO has taken formal action against 53 organisation under the GDPR, but David believes that this number is likely to increase significantly.

David said: “With fines of up to 20 million Euros or four per cent of annual global turnover – whichever is greater – businesses need to wake up to the potential pitfalls of the GDPR and act now if they have done nothing.

“Even those businesses who think they are fully compliant should reassess their procedures for data requests and breach of the GDPR and remind themselves of the rights of personal data holders to ensure they are still compliant.”

David added that Hethertons Solicitors had resources and articles on its websites to help people check that they are still in line with the requirements of the GDPR. These can be found by visiting