The General Data Protection Regulation

Generally known as GDPR, these Europe-wide regulations became law on 25th May 2018.

The UK has formally adopted and enhanced these requirements within the new Data Protection Act (DPA) of 2018, which replaces the 1998 DPA. As a result of the UK's exit from the EU, these regulations are now referred to as UK GDPR.

At EBM we are very conscious of the seriousness, breadth and content of these new laws. In short, pretty much all organizations that hold or control personal information are affected.

In summary, you must ensure that the processing of personal data (including simply storing the data) is in line with the following Six Privacy Principles stated under GDPR:

  1. Lawfulness, fairness and transparency

  2. Purpose limitation

  3. Data minimization

  4. Accuracy

  5. Storage limitation

  6. Integrity and confidentiality


In certain situations you may be legally required to appoint a Data Protection Officer (DPO).

Where personal data is breached, a process should be followed to minimize the impact and, in certain situations, to advise the governing authority. The Regulations are enforced via the Independent Commissioners Office (ICO).

If you are struggling with your compliance, EBM are here to help. We are currently supporting a number of organisations and primary schools, including acting as DPO.


For more information please do not hesitate to get in contact with us.