General Data Protection Regulation compliance deadline approaching – are you ready?
Article 2 minute read

General Data Protection Regulation compliance deadline approaching – are you ready?

20 October 2017

The European Commission’s new, stronger, data protection regulation applies in full from 25 May 2018, with hefty penalties for non-compliance.

Over the years the European Commission has taken steps to make Europe fit for the digital age. And data protection rights will be harmonised across the European Union when the General Data Protection Regulation (GDPR) – first adopted by the Parliament in April 2016 - applies in full from 25 May 2018.

What is the GDPR?

The GDPR modernises the Commission’s 1995 Data Protection Directive to guarantee privacy rights. Its focus is on reinforcing the rights of individuals, giving them more control over their personal information including easier access, wherever in the world it is sent, processed or stored. The GDPR also ensures stronger enforcement, and sets global standards for data protection.


Under the GDPR, businesses are required to protect the personal data and privacy of EU citizens. Businesses must also follow GDPR regulations when it comes to sending this data outside of the EU.

Consistency across all 28 EU member states (all nations must transpose the GDPR into law) will make compliance, on the one hand, easier for companies. They will have just one standard to meet and one supervisory authority to answer to. However the bar is set high, and all companies should be re-examining their processes now, to ensure compliance.


Not complying with the GDPR can see companies face new major penalties up to whatever is higher - 4% of annual worldwide turnover, or €20m.

So what can see a company in breach of the GDPR? Among others, not meeting the requirements relating to international transfers for the basic principles for data processing, such as conditions for consent. Companies will also need to appoint data protection officers if they have not done so already, and these processors will have accountability obligations and binding corporate rules to abide by.

While initially the responsibility for company adherence with the GDPR may sit with HR functions, all departments of a business where personal data is used (such as in sales and marketing activities) will need to ensure compliance.

Talk to us

TMF Group can provide full data protection health checks for companies that wish to assess their current processes, to determine what changes need to be made to comply with the latest EU data protection rules.

Need more information? Get in touch with us today.

Find out how our global business services can help drive efficiency in your business.

Written by

Andreas Riegl

Regional HR Manager Western Europe, TMF Group

Insights and updates delivered to your inbox.

Sign up now