The New General Data Protection Regulations

This is, of course, something that fills every business owner with delight: a new regulation they have to adhere to, and a deadline of 25th May 2018 to be ready by. It’s not as bad as many people have been making out, though, and could actually be a very positive step forward. The current Data Protection Act was last updated in 1998, which means the current legislation is 20 years out of date. The new GDPR aims to bring everything and everyone up to a higher standard.

Nothing on this page is meant as legal advice; it is provided only to help your understanding of the new regulations. It is the business owner’s responsibility to research and implement GDPR properly, having taken the proper legal advice.


Who does GDPR apply to?

Any company that holds the data of individuals, whether clients, customers or employees, needs to be GDPR compliant. Why? It’s all about transparency and making sure that a business is controlling its information and keeping it safe and secure. If you really care about your clients, customers and employees, isn’t it a good idea to show them you’re taking care of their details?

The whole process of becoming GDPR compliant can actually be a great way of updating the processes within your business and focusing your marketing efforts.


What information does GDPR apply to?

In short, Personal Data. According to the Information Commissioner’s Office, Personal Data is “… any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.

The regulations are there to stop Personal Data being lost, stolen or sold without the consent of the individual it belongs to (or identifies). They now require companies to be more transparent about what information they hold, what information they’re collecting, why they’re collecting it, where it is stored and how it is being used.


Lawful Basis for Processing Data

You will now need a lawful basis to collect and process individuals’ data. The most common bases are that you have the individual’s consent, that the processing is needed to deliver a service or contract, that you have a legal obligation to do so, or that it represents a legitimate interest.


Taking care of Individuals’ Rights

The GDPR sets out a list of eight rights that individuals will now have in regard to their data, such as the right to be informed how their data is being used, the right of access to it, the right to rectification (e.g. updating and correcting the details you hold), and the right to be forgotten (e.g. having their details deleted from your systems).


From a practical point of view, every point where you collect, store and use individuals’ data will need to be looked at.

From a website perspective, you cannot assume consent when collecting contact information, so an opt-in checkbox becomes essential, along with a link to your data policy describing what you do with the data entered into the form.

Anyone you send email marketing to will need to consciously opt in to receive it in future, and you’ll need to ensure you provide an unsubscribe link in every marketing email and newsletter you send out.

Keeping track of which third-party software packages you use, what information they hold, whether they are compliant and who has access to them is also important.

More from the ICO on GDPR

Prepare for GDPR

This PDF is a handy guide with 12 easy steps to start identifying what to do.

GDPR Assessment

Take the ICO’s interactive GDPR data protection assessment online.

Are You Sharing Data?

Have you hired a marketing company and need to share your customer data?


John can be contacted via
The Design Mechanics London,
East Side Offices, Kings Cross, London N1C 4AX
