Basics of GDPR in less than 60 seconds!
Register with ICO. It only costs £35 for most small businesses and organisations
Data can be the following:
Names & addresses, emails, IP addresses.
You must ensure it is held correctly:
Collected with consent
Used for a specific purpose
Kept up to date
Only held as long as needed
Consent is an important area for marketing. When you obtain consent, it must be clear (no 'untick' a box), and 'unbundled' for example: in order to sign up for an ebook or offer,you can't ask for email newsletter sign up too.
New sign ups after 25th May must meet the new standards. You don't have to go back and reconfirm, but existing subscribers must have the opportunity to opt out.
Delete information you no longer need. Create a written policy for how long you keep different types of data.
Have a separate page on your website with cookie and privacy policies.
You are either (or both):
A Data Controller (gain & hold data)
A Data Processor (you're given data to work with)
If you're a Data Processor, your Controller should give you their GDPR requirements to work to.
Have a plan so know what you would do if you receive
an access request (all the data you hold on someone)
a data breach
Make sure all your staff keep to your instructions and document their training.
If you have any questions or your needs are more complex, then check the ICO website