About GDPR

About GDPR

The GDPR legislation came into force globally on 25th May 2018.

Brexit will not affect GDPR as in the UK the GDPR was incorporated into the Data Protection Act 2018. 

Whether you need help understanding what you need to do to comply, or you need support or training for keeping on top of the GDPR, we can help you.

How GDPR affects your business

The ComplyGDPR team have spent a considerable amount of time understanding the impact of the GDPR regulation for executive search, interim management and recruitment businesses.

GDPR affects data that a business holds on any EU or EU approved citizen whether that person is a client, candidate, source, referee or member of your staff irrespective of the physical location of your office.

GDPR also applies if your business is based in the EU or an EU approved country even if you are not handling data of EU citizens. In the UK, GDPR is regulated by the ICO (Information Commissioners Office).

Fines for a breach of GDPR are substantial - up to 20 million Euros or 4% of global turnover, whichever is higher.  A business may also be liable to pay damages to individuals whose data has been breached.

If you would like to learn more about GDPR and its impact on your executive search, interim management or recruitment team, contact us.

What the ICO says about GDPR

The GDPR has been a game changer for everyone.

99% of the UK’s 5.5 million businesses employ fewer than 249 people, and the proportion is growing.

When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don’t have compliance teams or data protection officers. But small organisations often process a lot of personal data, and the reputation and liability risks are just as real.

ICO enforcement powers "aren’t just for ‘typical’ data breaches, like laptops left on trains or information left open to a cyber attack. The GDPR gives regulators the power to enforce in the context of accountability – data protection by design, failure to conduct a data protection impact assessment, DPOs and documentation. If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation”.


All quotes on this page are from the Information Commissioners address in Jan 2017 https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/01/gdpr-and-accountability/

“We need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically. Not just because it’s the law, but because it’s part of basic good business practice” the ICO instructs businesses.