Welcome to our Blog! 


Click on the 'Read More' Button to view the full article. If you would like to reply to a particular blog article you must be logged into the members area.  

Please check what you have written before posting to the blog as you will be unable to edit or delete the post.


* ITI and its moderators reserve the right to remove individual’s posts and the individual’s right to post to the Blog and doesn’t need to advise as to why the above has been carried out.


< Back

Getting started with GDPR

Written by Catherine Park

It's clear that the General Data Protection Regulation is uppermost in a lot of people's minds; our forthcoming webinar was fully booked in an hour. Here are some of the basics.

As we start the new year it’s time to get to grips with the GDPR: the new EU General Data Protection Regulation coming into effect on 25 May 2018. Much of the new regulation has similar principles to the existing Data Protection Act but there will still be new elements that need consideration.

If you are unsure where to start, then head to the Information Commissioner’s Office website at www.ico.org.uk where you will find lots of useful information and guidance. This guidance is evolving in the run up to implementation in May so it’s essential to keep referring back to their latest updates.

Here are a few pointers to get you started:

  • Ensure senior management in your organisation are aware of the changes that GDPR brings and that someone is appointed at a senior level to lead the implementation of the GDPR
  • Review the data you hold, how it is stored and who you share it with
  • Review your current Privacy Notices; under the new GDPR regulations you will need to expand the details included. You should identify the lawful basis for your processing activity and update your Privacy Notice to explain it
  • Check your procedures covering individual’s rights. Again, these have been expanded from the DPA including rights to erasure, portability and restricting processing
  • You will no longer be able to charge for Subject Access Rights and will have less time to provide the data
  • One of the biggest areas of change is around the issue of consent. All consent must be on an opt-in basis. Failure to opt-out is not consent. You cannot rely on silence, default settings or pre- ticked boxes to imply consent. It is strongly recommended you check the ICO guidelines on consent to ensure you are compliant
  • Check your insurance policy for data protection risks and carry out a data risk assessment
  • Ensure you have the correct procedures in place in case you suffer a data breach; you will need to document how you effectively detect, report and investigate a personal data breach. Failure to report a breach could result in in a fine
  • Don’t forget about the personal data you hold on your own employees; you may need to update employment contracts and handbooks
  • Provide induction training for new staff and update all staff at regular intervals through your internal communications
  • Review and update your existing policies and procedures

This is by no means an exhaustive list; the ICO has developed a very useful, brief questionnaire that produces a checklist report of suggested actions tailored towards your specific needs to get you started. You can find it here


Our GDPR webinar on 26 February is fully booked but, if you are an ITI member, you will be able to access the recording in the 'My ITI' section of the website from the beginning of March.



AddThis Social Bookmark Button

You must be logged in to post comments. To join ITI or register as a web user, please click Become a Member > How do I apply? in the blue menu bar above.

The Institute of Translation and Interpreting website would like to use cookies to store information on your computer, to improve our website. One of the cookies we use is essential for parts of the site to operate and has already been set. By your continued use of the ITI website you indicate your consent to our use of cookies on your computer. To find out more about the cookies we use and how to delete them, see our privacy policy.