It has now been over five years since the GDPR (General Data Protection Regulation) came into force – and with it a major shift in what was expected of organisations when it comes to data protection compliance.

Although the GDPR was originally a European regulation, the standards and principles it set out have been transposed into UK law through the Data Protection Act 2018, which introduced a new UK GDPR.

Since then in the intervening period, employers have navigated the COVID pandemic and massive changes to the way we work with the increase in hybrid working, which has inevitably led to changes in the way they hold and utilise data. From our experience advising clients on their data protection compliance obligations over these last five years, here are our top tips when it comes to managing data protection issues in the workplace:

We often say that compliance is a journey, not a destination. It requires an ongoing commitment and if the team at Burness Paull can help you along the way please do not hesitate to get in touch. In particular, now might be a good time to consider carrying out an organisation-wide privacy audit / compliance “health check” through our newly established Data Protection Consultancy practice. If that sounds of interest, you can contact us here to arrange a time to discuss further.

For further information on how we can assist with any subject access request queries, please see here.

Written by

Related News, Insights & Events

Error.

No results.

All Aboard…UK Emissions Trading Scheme Extends To Maritime Emissions

A new cost of carbon for maritime: UK Emissions Trading Scheme extends to maritime emissions

01/07/2026

The UK’s push towards net zero continues at pace, with the maritime sector now firmly in scope.

Read more
Employment Law Lab

Top 10 tips for managing probationary periods

16/06/2026

In this article, we provide our top tips on probationary periods.

Read more
Getting Your Data Ducks In A Row

Getting your data ducks in a row: putting the Data (Use and Access) Act 2025 into practice for pension schemes

09/06/2026

In this blog, we consider how The Data (Use and Access) Act 2025 (the “DUAA”) raises the bar for how pension trustees’ role as data controllers must be performed.

Read more

Want to hear more from us?

Subscribe here Subscribe here