Image Image Image Image Image Image Image Image Image

GDPR: General Data Protection Regulation

March 16, 2018 | By | One Comment

GDPR: General Data Protection Regulation

What is GDPR?

General Data Protection Regulation (GDPR) is an EU Directive which will come into effect on 25 May 2018. The UK government has passed and published a Data Protection Bill to reflect GDPR standards in UK law. GDPR introduces new data protection obligations for organisations who use personal data and additional rights for individuals. This regulation applies to all UK businesses, not just those within the recruitment sector, and will have implications for our clients as well as EGB Consulting.


Why is the law changing?

The current legislation which covers data protection came into effect in 1998. Since that time there have been many advances in technology and an overall increase in the processing of personal data for a wider range of organisations. This new legislation is to take into consideration those changes to protect an individual’s data.


What data does GDPR relate to?

GDPR relates specifically to personal data (it does not relate to all forms of data). Under GDPR the definition of personal data has been expanded to include any information that ‘identifies an individual either directly or indirectly’.

From 25 May 2018 it will include the following:

  • an individual’s name;
  • an individual’s identification number e.g. a payroll worker number, a CV reference number, a named email address or telephone number;
  • an individual’s location data;
  • an individual’s online identifier (i.e. IP address or cookie identifier), and;
  • factors relating to the psychological, economic, cultural, social or physical identity of an individual.


What are the key changes?

GDPR legislation requires that businesses who process ‘personal data’ take a privacy by design and default approach to protecting the data it processes, to ensure that:

  • data protection is integral to all data processing activity;
  • consent is obtained to hold data;
  • data is held for reasonable time periods, and;
  • data is pseudonymised, anonymised and cyber security is maintained.

It also introduces new rights for individuals including how they are informed their data is being processed, how their consent is obtained, how data is processed and how consent can be withdrawn.


What is EGB Consulting doing to prepare for the change?

In line with GDPR requirements we have:

  • Documented the structured data we hold in an Information Asset Register;
  • Appointed an internal Data Protection Officer;
  • Completed a review of current personal data processes and procedures;
  • Commenced GDPR training for all staff to support compliance;
  • Reviewed contractual agreements in line with the new legislation;
  • Reviewed data security on how we share personal data with third parties, and;
  • Commenced definition of our ongoing compliance governance framework.


What are the next steps?

In the next couple of months, you will receive from us notification of any contract variations necessary to include the new GDPR legislation.

If you have any questions please do not hesitate to contact our Data Protection Officer:




  1. David

    IMO GDPR has resulted in receiving hundreds of email requests, all of which I’ve e ignored. Frankly, if we don’t reply then you should ‘automatically assume’ that I want you to keep my data. The Governments policy here is clear as it automatically enrols people onto their auto enrolment for government pension scheme, it’s the same policy of consent, whether I like it or not I have to apply to leave the scheme. As usual the “Conservatives” couldn’t organise a piss up in a brewery unless it involved a punch-up over leaving the EU (!)

Submit a Comment