General Data Protection Regulation (GDPR) and cyber risk

1 July 2016

By Chrissie - Founder and Chartered Secretary



I recently attended a WIN event hosted by law firm DLA Piper. It covered the topical changes concerning data protection and took a hands-on approach to expressing the realities of cyber risk.

The first session covered the imminent changes as a result of the General Data Protection Regulation (GDPR). It’s taken over three years of planning and discussion, but we now have an agreed EU data protection framework. The GDPR will replace the current Directive and will be directly applicable in all Member States. It’s likely to come into force in May 2018, but given there is substantial change, companies are already looking to overhaul their processes and procedures to make sure all data processing activities are compliant when it comes into force. For background information about the GDPR, key changes and actions to take, see DLA Piper’s dedicated GDPR microsite.  

This was followed by an insightful session presented by a digital forensics and incident response expert, covering a view of the current cyber breach landscape and a case study of a recent breach. It demonstrated how to execute an effective communications plan for a cyber crisis.

The final session was ‘experiencing a breach’, which was an interactive facilitated case study. This encouraged teams of legal minds to think about the bigger picture when tackling and handling a live cyber breach. This involved considering a breach from various perspectives:

It became evident that there is a delicate balance to managing internal investigations, reporting requirements and stakeholder interests. Therefore, having a data breach strategy, including pre-prepared communications, is vital.


Are you ready?

There may be further amendments and only once this process is complete will the two-year period run before the GDPR will come into force. Companies are beginning the process of moving towards compliance as many of the obligations will take time to integrate.

As part of this process the following needs to be carried out:


Brexit and its effect on the GDPR

The GDPR comes into force in 2018, so depending on the precise timing of withdrawal from the EU, the GDPR may not apply to the UK and, if it does initially apply, it will then cease to do so. The UK Information Commissioner has made it clear that he expects standards equivalent to the GDPR to be applied in the UK post-Brexit to enable businesses to transfer their data between the UK and the EU in the ordinary course of business. Brexit is therefore unlikely to make a material difference to how employers plan for the GDPR.


We are ready

We can assist you with planning, the creative, implementation and review of a communications strategy. The GDPR will also affect current policies and guidance notes in place, so these will need to be reviewed and updated from technical and creative perspectives.


Helpful resource:


WIN events are set up to help in-house lawyers keep up to date with legal developments and network with peers. They also provide superb sessions that look to develop the soft skills needed to be an effective in-house lawyer. For more details:
