GDPR guide

What you need to know

What is GDPR?

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. If your organisation collects or stores personal data from those in the EU, such as email addresses, names, contact details and addresses, you’ll need to comply with GDPR.

GDPR is designed to:

  • Protect the rights of your customer or website user
  • Offer transparency by explaining how and why your business uses personal data
  • Ensure your business adopts a more refined process for data handling
  • Bring staff up to speed on the new regulations
  • Ensure data is recorded and managed in a compliant manner going forward

Financial penalties can be imposed for breaches, so it’s important that your communication strategy and website comply with the regulations.

But data protection is more than a compliance issue. Customers care about their privacy and expect businesses to respect it. It makes good business sense to demonstrate that you’re being compliant and have this in hand. What’s more, the opportunity to cleanse your database means you’ll be communicating with people who are genuinely interested in being contacted, thus creating a quality database of customers or users.

So what do you need to do?

We’ve reviewed a number of resources to help us understand the changes that will have the biggest impact on our clients. While the regulations are complex, there’s no need to feel overwhelmed by the changes.

  1. Review
    Take stock of what information you have already, why you have it, where it is stored and what processes you have in place for data protection.
  2. Streamline
    Do you need all of the information you store? Could you hold it in one safe place? This will make it easier to record and manage information in the future.
  3. Protect
    Encrypt personal data. If you share a document or database containing sensitive information, you must send the password using a different method, such as text, or share it in person. You must also ensure that your website, and the way you store form or user data, is secure.
  4. Update
    Review and amend your website to make sure there is a positive opt-in for any email communication. Also, ensure that your privacy policy is updated to reflect any changes.
  5. Communicate
    Prior to 25 May 2018, contact your customers and/or users (if you don’t have consent) to let them know why you have their data, why you collect it and what you do with it. Some but not all organisations will be required to ask recipients to opt in to receive future emails (and text messages if applicable).

This process will take a little time; however, it will simplify your approach to data handling in future and ensure your website is fully compliant with GDPR.

Next steps

You may be in a position to address these tasks without support. If, however, you would prefer assistance, we are offering two GDPR packages to existing clients.

Simple GDPR package

  • Complete database audit
  • Create a plan for recording and managing consent in future
  • Review and update website form
  • Send simple email campaign (only if required under guidelines)

Advanced GDPR package

  • Complete multiple database audits
  • Create a plan for recording and managing consent in future
  • Review and update multiple website forms and privacy policy
  • Send simple, branded email campaign (only if required under guidelines)

For further information please email Sarah or call the studio on 0131 344 4638.