Boddy Matthews


GDPR – Are You Ready?


As you will no doubt be aware, new data protection laws (in the form of the General Data Protection Regulation, or GDPR) come into force on 25 May 2018. See below for our insights on the GDPR, the effects it will have on your business and the actions which you should be taking to ensure compliance.


We will be updating this page regularly, adding our top tips together with other useful nuggets of information to enable you to understand the basics of the GDPR and how to comply. If you require bespoke internal training on the forthcoming changes, please call your usual Boddy Matthews contact or email us at


Back to Basics



The GDPR is an update to existing data protection laws which strengthens individuals’ rights to control how their data is used. In a digital age where data has become a precious commodity, it will ensure that businesses are more transparent and provide clarity on how and why they use, store and transfer personal data.


Yes, the GDPR will apply to all businesses that process, store, collect, or control personal data; in essence all businesses will be caught by the GDPR. All businesses process personal data in some shape or form. It will apply to all organisations established in the European Union (the EU). It will also apply to those organisations based outside the EU but which process the data of EU data subjects.


We will be looking at some of these changes in more detail and their practical implications before 25 May 2018. However, the key changes introduced by the GDPR can be summarised as follows:

  • Accountability and demonstrating compliance are at the heart of the GDPR
  • Increased and/or new rights for data subjects
  • Processors and controllers caught by GDPR
  • Appointment of a Data Protection Officer (DPO)
  • 72-hour breach notification
  • More data is caught within personal data definition
  • Higher bar for lawful processing and obtaining consent
  • Tougher sanctions


What do I need to do?

The immediate first 3 steps you need to take to assist you in complying with the GDPR should be:

    1. Carry out an internal data audit to establish the following, amongst others:
        • what personal data you hold
        • where the data came from
        • where the data is held
        • if third parties have access to that data
        • how that data is kept secure.
    2. Identify the basis under which you process personal data:
        • Do you have a lawful basis for processing that data?
        • Do you rely on consent? If so, how was this consent obtained? Will this consent be valid under the GDPR?
    3. Review the format and content of your current privacy notices:



Office Address


Boddy Matthews Limited
7-11 High Street
Reigate, Surrey




+44 (0) 1737 339838
