General Data Protection Regulation (GDPR)

With less than a month to go until GDPR comes into force, have you taken the necessary steps towards becoming GDPR compliant? Failure to comply may result in a fine from the Information Commissioner’s Office (ICO).

The first step to take in order to comply with GDPR is to carry out a “data mapping” exercise (a data audit) to establish the following:

  • What data your organisation holds?
  • Where it came from?
  • How it is used?
  • What legal basis under GDPR applies to its use?
  • Where it is stored?
  • Whether adequate measures are in place to protect the data?
  • and how long it will be kept?


If you need assistance, CWJ are able to help with the following:

Employment matters

  • Advice on updating data privacy notices
    You will need to inform employees, job applicants and leavers about the data you are holding.
  • Contract and policy review
    This will include updating the employment contract and preparing a GDPR compliant data protection policy.

Commercial matters

  • Updating privacy policies
    This will need to be updated to inform your customers of the purposes for which their data is used and their rights under GDPR.
  • Contract reviews
    There is a need to review contracts with your suppliers and ensure there are provisions about how data will be handled and shared.
  • Data protection policies
    We are able to provide advice in relation to your use of data for marketing purposes.