An Introduction to GDPR

23rd August 2017

Is your Organisation Ready?

The GDPR IS COMING...Soon enough. May 25th 2018 is the date. Let's talk about getting you ready!

So, what on earth is GDPR?

GDPR, stands for General Data Protection Regulation and is a comprehensive set of regulations which will apply to all EU members countries by May 2018.

The main objective of GDPR is to allow citizens and residents to have more control over their personal data. GDPR also imposes stricter rules to companies handling data. The regulation provides confidence and trust for consumers, that their personal data is safely managed.

This regulation will impact all businesses, organisations, and charities. Every organisation will have to comply the GDPR legal requirements when processing individuals' personal data. Basically, GDPR is the evolved and improved Data Protection Act (DPA) and PECR. Protecting consumers' personal data and privacy will be the number one priority for any business. An additional layer for charity consideration is the introduction of the new Fundraising Regulator.

Why is GDPR so important for you to think about it now?

In order to comply under the GDPR requirements, actions need to be taken. GDPR will potentially impact on various processes within your organisation. Failure to comply will bring financial consequences in the form of potential fines. You will need to consider your website security and how you can capture and manage your data correctly. The actions involved are time-consuming, below are some key factors you'll need to consider.

What do you need to do to ensure your site is GDPR Compliant?

First things first, you'll need to audit your data capture and data storage areas to assess your situation with regard to compliance with the current DPA / PECR and with the incoming legislation. Question your current performance. Find out where the flaws that could lead to a violation are and who are involved in data, this includes any interaction and integration with third parties. Your organisation will need to provide clear explanation as to why you are collecting personal data and how you intend to use it, this is called a privacy statement or privacy notice. Without explicit, dated consent, your data is worthless. This also applies to your third parties. You should thoroughly examine and interrogate all existing data and any records that would be considered non-compliant in 2018. They should be either deleted or made compliant by May 2018. Secondly, do your research. As this is a hot topic at the moment, plenty of help is available online.

{video}/assets/video/SBS screen final.mp4{/video}

What can Studio Republic do to help you with GDPR Website Compliance?

As a creative digital agency, we are able to:

  • Review website, current strategy (i.e opt in vs opt out) and what changes will need to be implemented.
  • Update your privacy notice to explain clearly what information you collect and how you use it.
  • Support with updating of associated policies (e.g. a data retention policy)
  • Support with reviewing data capture functionality, databases, systems, and resources that you have so that you can keep all personal data safe and manage communication preferences.
  • Deliver digital User Account Functionality – i.e review the user's ability to update their own consent / communication preferences on your website.

If you have any questions regarding GDPR and your website data capture, feel free to contact us!

For more information, please visit or follow the below: Data Protection Self-assessment ToolKit, ICO Information Commissioner's Office, Twitter: @iconews Institute of Fundraising,Twitter: @ioftweets