GDPR is here to stay
16 August 2019
The GDPR was one year old on 25 May 2019, so now is a good time to take stock and look at how you have implemented the GDPR and at any impact of Brexit.
The Information Commissioner’s Office has published a report describing its experiences and the impact of the GDPR since 25 May 2018. The document reaffirms its risk-based approach to enforcement and acknowledges that it hasn’t been easy for small organisations to become GDPR compliant. The ICO intends to establish a one-stop shop to support SMEs and is also committed to updating its Guide to the GDPR as required.
Although the nature of the UK’s future relationship with the EU remains uncertain, UK organisations must still comply with the GDPR, as the Data Protection Act 2018 (DPA) converted the regulations into UK law.
The DPA will remain in place and the government intends to bring the GDPR directly into UK law on exit, to sit alongside it. There will be some technical adjustments to the UK version of the GDPR so that it works in a UK-only context – for example, amending provisions referring to EU laws, currency and enforcement cooperation.
Therefore, your best preparation for the future UK regime is to ensure that you are effectively complying with the GDPR now.
Data Protection Officers
LOCs do not need to appoint a Data Protection Officer (DPO). The government confirmed that optical practices that perform GOS work will need to appoint a DPO; the Optical Confederation has issued guidance for optical practices.
There are many third parties offering data protection advice, including external DPO services, often at high prices. We strongly recommend that optical practices do not hire external DPO services unless they have carefully considered the issues and decided it is the right step for their practice. Ministers have said that they expect the ICO to treat primary care providers fairly and proportionately. Third-party GDPR advisers – however expert – won’t themselves understand what the ICO will expect a DPO in a small optical practice to do.
For the future
- Continue to implement GDPR and follow current guidance.
- Your privacy information and documentation may need to be amended if there are any references to EU law or other EU terminology. More information will be distributed to LOCs closer to the exit date.
If you have any questions please contact email@example.com