It is important that you understand your obligations under the new General Data Protection Regulation (GDPR), so that you do not inadvertently incur seriously large fines and penalties for you and your business.
Did you know that GDPR specifically bans pre-ticked opt-in boxes?
And that consent to process personal data to send offers must be separate from other terms and conditions?
Any business that administers personal data in providing goods and services, employing people or undertaking marketing activities (including direct marketing via email and post, websites, using cookies, sharing data with third parties and taking payments) must comply with GDPR when processing employee and customer/service user data.
You need to be clear on what you should be doing, including auditing the data you hold to take bookings and payments, for direct mail, on websites and in handling employee data.
In addition, you must ensure that the correct privacy notices are included on documentation and forms, or over the phone, for people when providing their personal data. Consent must be recorded and can be withdrawn.
It is imperative that you understand your legal basis for processing data, to be able to write these privacy notices. You need to know what privacy notices and consent authorisation you need in place, understand the role of data protection officers, and review any sharing arrangements.
Remember, to demonstrate compliance with GDPR, you must take certain measures, and know how to respond to a data subject access request, and know when and how to report a breach.
For information on GDPR workshops (full-day, half-day and evening workshops are available, which can be tailored to a specific sector), please email firstname.lastname@example.org.
On a full-day workshop we audit your data in the afternoon, and draft both your data protection and privacy policies in the afternoon. Alternatively, we do this over two evening or two half-day sessions.