Are you ready for GDPR?

New privacy regulations are coming in next year and many companies are unprepared.

The GDPR (General Data Protection Regulation) will come into force on May 25th 2018. Although it might seem a long way off, the new regulations are much more involved than current UK Data Protection Act rules, so there’s lots for businesses to do in preparation.

Although the maximum penalty is unlikely to be applied in most cases, those who don’t comply could be hit with huge fines – up to 20 million euros or 4% of turnover, whichever is higher.

Who is affected?

All businesses worldwide that hold personal data of people who live in the EU are affected, and before you breathe a sigh of relief, Brexit won’t make a difference.

What are the key changes?

  • The definition of “personal data” is now much broader, and includes any information that may identify an individual, including IP addresses.
  • Consent will need to be explicitly provided for businesses to store data. The current methods of consent used by many websites (such as notices and implied consent) won’t be enough.
  • Privacy policies will need to detail, in plain English, exactly what data will be used for.
  • People must be able to view their data and opt out, if they want to.
  • Organisations must notify their local Data Protection Authority of a data breach within 72 hours of discovering it.
  • In some cases, businesses will have to complete a DPIA (Data Protection Impact Assessment), before collecting data.
  • Organisations need to appoint someone to be responsible for data protection.

What do businesses need to do?

Start preparing

As the new legislation is much more complex and demanding than the current regulations, action will need to be taken now to be ready in May 2018. The ICO recommend starting by completing an audit of your current data collection practices.

Appoint a Data Protection Officer

Each organisation must have someone responsible for data protection, and certain organisations will also need to formally appoint a Data Protection Officer.

Review software

Much software currently in use, including CRMs and email marketing software, doesn’t meet the requirements for allowing people to view and erase their data. Businesses will need to review the software they are using to check it meets the new regulations.

Where to find more information

Here are the key links for UK businesses:
