It has now been over five years since the GDPR (General Data Protection Regulation) came into force – and with it a major shift in what was expected of organisations when it comes to data protection compliance.
Although the GDPR was originally a European regulation, the standards and principles it set out have been transposed into UK law through the Data Protection Act 2018, which introduced a new UK GDPR.
In the intervening period, employers have navigated the COVID pandemic and massive changes to the way we work, including the increase in hybrid working, which has inevitably led to changes in the way they hold and utilise data. From our experience advising clients on their data protection compliance obligations over these last five years, here are our top tips when it comes to managing data protection issues in the workplace:
We often say that compliance is a journey, not a destination. It requires an ongoing commitment, and if the team at Burness Paull can help you along the way, please do not hesitate to get in touch. In particular, now might be a good time to consider carrying out an organisation-wide privacy audit / compliance “health check” through our newly established Data Protection Consultancy practice. If that sounds of interest, you can contact us here to arrange a time to discuss further.
For further information on how we can assist with any subject access request queries, please see here.