Q&A: How will GDPR affect your business?

By Blue Wren Ltd

21 Aug 2017

GDPR, or the General Data Protection Regulation, is a modernisation of the existing 1998 Data Protection Act, and is set to roll out 25th May 2018.

Since 1998, the way data is shared and held has evolved. Internet use has rocketed and social media has changed the way personal data has been collected and even used.

With GDPR’s implementation just around the corner, we spoke to Dean Martin – data protection officer at Blue Wren – to ask just how GDPR will affect businesses, both locally and nationwide.

What is GDPR set to affect?

Everything and everyone.

The GDPR will affect all businesses, as well as providing extra protection for consumers. Nothing’s changed in the fact that businesses must continue to be ethical in the way they collect and process personal information, but the extent to which businesses control and document that data will be increasingly legislated and transparent.

In a nutshell, though, it applies to any personal data that can be considered a ‘personal identifier’.

What has changed?

The biggest change is around accountability. The new legislation creates an onus on companies to understand the risks that they create for others and, ultimately, mitigate those risks. Consumers will also have stronger rights to be informed about how organisations use their personal data.

With the consumer’s right to erasure, they can request that you delete them from your mailing lists and businesses need to comply with that. On the other hand, employee records may need to be kept for several years, as legally defined for tax purposes and so on.

In essence, businesses now need to define retention periods and stick to them, be it for the needs of the business or for legal reasons. For example, you can only keep CVs for recruiting a specific position… once that position is filled they must be destroyed, unless otherwise stated of course.

How would a business obtain GDPR compliance?

Whilst I’m sure most businesses are already committed to protecting customer information, there are more practices that will need to be put in place. Keeping more records, producing more documentation, essentially putting policies in place to demonstrate that your business is specifically focussed on compliance.

And while there is the more encompassing red-tape aspects of GDPR legislation, it’s also the simple things that are heavily affected. Things like leaving confidential or personally identifiable information lying around, like contact details jotted down on notepads or Post-it notes during a phone call. They’re completely against the general principles of GDPR.

What are the GDPR principles?

Well, there are seven, if you include the business’ accountability. And you can’t just follow some; you have to stringently adhere to all of them.

Listing them: starting with accountability, your business must be able to demonstrate that it is working in compliance with GDPR. Therefore, appropriate documentation must be kept, keeping track of any permissions you’ve been granted or refused.

Next is to be lawful, fair and transparent. So, any data you collect needs to be done fairly and for a legal purpose. You can’t just collect the data without expressing why, you need to be transparent about how it’s going to be used.

The third is that it’s limited for its purpose. Meaning, it can only be collected for a specific use. To give you a dubious example: if you were collecting CVs, say, you couldn’t then retarget those people with e-shots later down the line simply because they’ve ‘technically’ given you their email address.

Another principle is data minimisation. When you collect someone’s data, it needs to be done in a manner that isn’t excessive for its purpose. So, if you’re capturing e-mail addresses for future newsletters, you wouldn’t necessarily need to know their home address.

Next there’s data accuracy, which is self-explanatory, really. But all data that you hold must be kept up-to-date and accurate. Similarly, the sixth is data retention, which alludes to the fact that data shouldn’t be stored any longer than necessary.

Finally, and perhaps most importantly, there is integrity and confidentiality. All data that you keep must be kept safe and secure. No leaving computers unlocked or passwords scribbled down in the back of books…

In a nutshell, everything must be done in such a way that only those people who have the express permission to access the information, can. And when they do so, it must be utilised in a way that has previously been agreed upon.

So, is there any further important GDPR information that you’d like to mention?

Loads, but not for a quick Q and A! I’d suggest that everybody – employee, employer or consumer – check out the ICO (Information Commissioner’s Office) guidelines on their website (linked here). Ensuring you’re compliant with everything on there isn’t an option, it’s an absolute necessity for you, your business and your customer.

Latest news

1

CMAC Group appoints Matthew Ratcliffe as chief operating officer Matthew Ratcliffe CMAC

CMAC Group appoints Matthew Ratcliffe as chief operating officer

03 Apr 2025

2

For sale signs at The Villa Villa Wrea Green has been brought to market (Image credit: The Villa Wrea Green)

For sale signs at The Villa

02 Apr 2025

3

Montane group expands with new Lancashire hub Anthony Rae Scott Murcott And Adam Lee

Montane group expands with new Lancashire hub

02 Apr 2025

4

Trio of wins for Lancaster brand and digital consultancy Tom Grattan MD and Daniel Wallace

Trio of wins for Lancaster brand and digital consultancy

02 Apr 2025

5

College excellence highlighted in Ofsted report Fazal Dad

College excellence highlighted in Ofsted report

02 Apr 2025

Pc Prestonmacan Gif980x120 March
Background image for hub sign up block

LBV Hub

Leverage Lancashire Business View platforms

Post your news
Post your events
Post your offers
Build your network
Improve your SEO
Gain coverage in the magazine
Sign-up
Events
Lancashire Net Zero Carbon Conference
Net Zero Carbon Social 1200px
Networking
18 Jun 2025

Lancashire Net Zero Carbon Conference

Crow Wood Hotel & Spa Resort, Burnley, BB12 0RT

08:30 - 13:00

CMI Level 5 Management and Leadership Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Management and Leadership Course

Preston Campus, Preston , PR1 2HE

09:00 - 17:00

CMI Level 5 Project Management Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Project Management Course

Preston Campus, Preston, PR1 2HE

08:00 - 17:00

RISE - The Academy for Female Leaders and Managers
WENDY BOWERS RISE Illustrstion copy.jpg.jpg
LBV Hub Seminars
02 Apr 2025 - 08 Oct 2025

RISE - The Academy for Female Leaders and Managers

East Lancashire Chamber of Commerce, Clayton le Moors, BB5 5JR

09:00 - 15:30

WHN Charity Quiz Night
Evenbrite Quiz 2025.png.png
LBV Hub Fundraisers
03 Apr 2025 - 03 Apr 2025

WHN Charity Quiz Night

The Stables Country Club, Bury , BL9 1PU

18:00 - 22:00

Chamber Breakfast Networking – April
Chamber logo - new-02.png.png
LBV Hub Networking
03 Apr 2025 - 03 Apr 2025

Chamber Breakfast Networking – April

The Dukes Theatre, Lancaster, LA1 1QE

08:00 - 10:00

Lancashire Business Expo 2025
https---cdn.evbuc.com-images-880395853-4862066883-1-original.20241022-091152-2.jpeg.jpg
LBV Hub Exhibitions
04 Apr 2025 - 04 Apr 2025

Lancashire Business Expo 2025

Sir Tom Finney Sports Centre, Preston, PR1 2HE

09:00 - 15:00

The Business Network Central & East Lancashire
LBV Hub Networking
24 Apr 2025 - 24 Apr 2025

The Business Network Central & East Lancashire

Stanley House, Blackburn, BB2 7NP

11:30 - 14:15

People Power: Exclusive Event Series
Stay ahead in 2025.jpg.jpg
LBV Hub Seminars
29 Apr 2025 - 29 Apr 2025

People Power: Exclusive Event Series

People's History Museum, Manchester, M3 3ER

17:00 - 21:00

Planning for the future + navigating Inheritance Tax changes
Planning for the future + navigating Inheritance Tax changes for website.png.png
LBV Hub Seminars
01 May 2025 - 01 May 2025

Planning for the future + navigating Inheritance Tax changes

Stanley House Hotel, Mellor, Blackburn, BB2 7NP, Blackburn, BB2 7NP

08:00 - 10:30

A night at the races
1.png.png
LBV Hub Dinners / Balls
02 May 2025 - 02 May 2025

A night at the races

Morecambe FC, Morecambe, LA4 4TB

19:00 - 23:59

Amber River True Bearing quarterly investment seminar
LBV Hub Seminars
22 May 2025 - 22 May 2025

Amber River True Bearing quarterly investment seminar

Cottons Hotel & Spa , Knutsford, WA16 0SU

16:00 - 18:00

Advertise with us

Reaching 50,000 members, our print, digital and event platforms offer a fantastic way to raise your business profile and help you grow.

Find out more Lbv121 Online Graphic
Subscribe now

Weekly news bulletin