Solicitor Fionnlagh Blair warned that local companies should make data protection their business now.
New regulations come into force on May 25 this year and Fionnlagh of Anderson Strathern told a breakfast meeting of Midlothian and East Lothian Chamber of Commerce that firms should carry out a data audit as soon as possible.
It should include a review of the data they hold and why they hold it.
And they should appoint a lead person, create a team, review their digital and IT processes and clean their database.
He told the meeting at the Macdonald Marine Hotel in North Berwick that it was vital to have clear policies and procedures, provide training and carry out assessments.
And he warned that there are heavy fines on businesses who don’t comply.
Firms must be able to demonstrate compliance and keep their data accurate and they must not hold onto data longer than necessary.
People must give consent to receiving material and silence, pre-ticked boxes or inactivity should not be considered as consent.
Fionnlagh said that companies have the right to object to direct marketing and to compensation.
He added: “GDPR is effectively a re-boot and update on the Data Protection Act it applies across the European Union.
“It will strengthen the rights of an individual in respect of date and increase obligations on companies to comply on data protection law.
“It will apply to almost every company in as much as they process personal data.”
He said that if companies sent out an newsletter or data to their customer base they should be aware.
If anybody is unsure then they should consult a professional advisor.
And he said: “As a starting point we advise every company is to conduct an information audit and that is a technical term for finding out what information you hold, where you hold it, why you hold it and where it came from.
“That will give you a much better starting point to look at what agreements you need to have in place.”