What is GDPR



What is GDPR and how can it affect your business?

What is GDPR? The General Data Protection Regulation is a relatively new EU law, brought in during 2018, that focuses on how businesses store their customers' data. It introduced measures to make businesses use more professional and ethical practices when dealing with personal information, and it added certain requirements for processing people's personal data.

How does GDPR Affect my Business?

GDPR affects almost all businesses. For example, it applies if your website collects cookies or stores people's contact details. Here are some of the key things to consider to make your business GDPR compliant.

Lawful, fair and transparent processing

You must only collect data for legitimate, lawful purposes, and you must let the customer know about the processing of their data, for example by having a privacy policy on your website.

Limitation of purpose, data and storage

Data must only be collected for the purpose it was intended for and not for any other reason, and it must be deleted when necessary, once the purpose is fulfilled.

Data subject rights

A customer can ask a company what data it holds on them, ask what it does with this information, make a complaint or even ask for its deletion.

When collecting a customer's data, you must clearly ask them for their consent, which they can withdraw at any point. If the person is under the age of 16, only their parents can consent for them.

Personal data breaches

In the event of a data breach, you must notify your customers within 78 hours of becoming aware of the situation.

Privacy by Design

Organisations should introduce procedures to protect customers' privacy, so that protection is ensured.

Data transfers

When data is being transferred, even if the transfer is done by a 3rd party, you have a duty to make sure GDPR regulations are upheld and customers' data and privacy are protected.

Data Protection Officer

An organisation should assign a Data Protection Officer whose duty it would be to advise the company on GDPR procedures and make sure they are kept to the highest standard.

Awareness and training

Businesses should be aware of GDPR compliance and potentially have their staff trained in GDPR to make sure that they are keeping up to standards.


