Basics of GDPR in less than 60 seconds!

  1. Register with the ICO. It only costs £35 for most small businesses and organisations.

  1. Data can be the following:

  • Names & addresses, emails, IP addresses.

  • Car Registrations

  • Financial Details

  • Health Information

  • Religious/political beliefs

  1. You must ensure it is held correctly:

  • Collected with consent

  • Used for a specific purpose

  • Kept up to date

  • Only held as long as needed

  • Held securely

  1. Consent is an important area for marketing. When you obtain consent, it must be clear (no 'untick a box') and 'unbundled'. For example, in order to sign up for an ebook or offer, you can't ask for email newsletter sign-up too.

  1. New sign ups after 25th May must meet the new standards. You don't have to go back and reconfirm, but existing subscribers must have the opportunity to opt out.

  1. Delete information you no longer need. Create a written policy for how long you keep different types of data.

  1. Have a separate page on your website with cookie and privacy policies.

  1. You are either (or both):

  • A Data Controller (gain & hold data)

  • A Data Processor (you're given data to work with)

  • If you're a Data Processor, your Controller should give you their GDPR requirements to work to.

  1. Have a plan so you know what you would do if you receive:

  • an access request (all the data you hold on someone)

  • a data breach

  1. Make sure all your staff keep to your instructions and document their training.

If you have any questions or your needs are more complex, then check the ICO website.
