GDPR and Data Protection Act 2018

The Data Protection Act 2018 replaces the Data Protection Act 1998, and came into effect on 25 May 2018.      It sets out the framework for data protection law in the UK.   It sits alongside the GDPR, the General Data Protection Regulation (EU) 2016/679 which came into effect on 25 May 2018.

The DPA  sets new standards for protecting general data, in accordance with the GDPR, giving people more control over use of their data, and providing them with new rights to move or delete personal data.  It requires organisations that handle personal data to evaluate the risks of processing such data and implement appropriate measures to mitigate those risks.

No matter how large or small the organisation, anyone responsible for using personal data has to comply with ‘data protection principles’, making sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

If your business handles personal data you should:

  • Identify and record what personal data you process, where it comes from, why you have it, what you do with it, where you keep it and how long you keep it for
  • Identify and document your lawful basis for processing personal data
  • Have policies and procedures in place to comply with the Data Protection Act and for individual’s to exercise their rights over their personal data
  • Have policies and procedures in place to keep the personal data you handle secure, including agreements and contracts with any suppliers and third parties you share personal data with
  • Train your staff so they understand their responsibilities in handling personal data, including how and when to report a personal data breach

How we can help

No matter where you are on your compliance journey,  whether you are starting up, working towards, or performing an annual review of your compliance, Percipient Consulting can help.

We are happy to assist with

  • Implementing policies and procedures
  • Personal Data inventory and process flow mapping
  • Subject access requests
  • Data security incident management
  • Data handling process reviews and GDPR compliance reviews

Please get in touch get in touch for a no obligation chat to see how we can help you.


GDPR Training lightbulbWe can provide standard or bespoke GDPR training  depending on your business needs.    We will work with you to identify which areas of GDPR you wish to cover and can deliver training at your business premises or at mutually agreed locations close by.



Our standard training packages include the following:

  • GDPR Fundamentals – small/medium business owners
  • GDPR employee awareness training

Contact Us to see how we can help, we’d love to hear from you.