More Tips To Help You Understand GDPR

Ensuring your policies are up to date ...


Following on from Hazel's recent blog post, where she discussed some top tips to help you understand GDPR (such as not always needing consent), here are three more top tips that she believes you may also be interested in ...

Remember, GDPR fines are huge so make sure your policies are always evolving!


  1. Fully understand why you collect and hold the data you do

    GDPR requires that personal data be collected only for specified, explicit and legitimate purposes. You are also required to be transparent about why you collect the data, and you can only do this if you understand the reasons for collection yourself.

    If you collect your customers' dates of birth, work out whether you actually need this information and, if so, understand why, be clear about it and tell them why.

  2. Review your current contracts

    Not only is it absolutely essential to have a privacy policy on your website, it is also a good idea to ensure that your policies have been updated in line with the new data protection laws. A privacy policy is a legal agreement that explains what kinds of personal information you gather from website visitors, how you use this information and how you keep it safe.

    Remember that under Article 13 of GDPR, you must provide your data subjects with privacy information at the time the personal data is obtained. Article 14 states that if you obtain that personal data from a third party, then you should provide them with privacy information "within a reasonable period after obtaining the personal data, but at the latest within one month". The sure-fire way of being as clear as possible is to state that privacy notice clearly on your website and direct your data subjects to it.

    Any terms and conditions you have had drafted may also need to be updated. If the handling of data is pivotal to your obligations under the contract, you may need additional data protection clauses to lay out each party's obligations under GDPR.

  3. Compliance is a journey

    It has been over two years since the implementation of GDPR, and I am sure many businesses got their policies drafted and have not revisited them since. Many of those businesses would not have been fully compliant even after putting these procedures in place, as there may have been a lot still to do. GDPR compliance is very much a continuous process, and checking that compliance is still being achieved should become part of your internal processes.

    For example, GDPR can be difficult to understand, and organisations need to be proactive in training their staff regularly to ensure they are up to speed with all the necessary information. When new staff members join you, they should be given basic data management training, and everyone should have some understanding of how their organisation uses data.

    Remember, the fines are huge!

Data protection may no longer be a hot topic, but enforcement action does continue. The ICO lists the enforcement action it has taken, and so far this year a former social worker has been prosecuted and Britain's biggest electrical retailer has been fined £500,000 after its 'point of sale' computer system was the victim of a cyber-attack, which affected at least 14 million people.

Last month, a London-based pharmacy was fined £275,000 for leaving approximately 500,000 documents in unlocked containers. No data was compromised, but the fine was for failing to ensure the security of such data.

And a local windows company was fined last year for cold calling individuals who are registered with the TPS. The ICO also issued an enforcement notice to a finance company that failed to respond to a subject access request.

This is just a snippet of what could land you in deep water if you do not take your data protection seriously. So if you have any concerns about how your business is handling GDPR, or you want your privacy policies and procedures reviewed, then get in touch and Hazel can take a look for you.

Until next time ...

Would you like to know more?

A huge thank you to my colleague Hazel Napier for this week's blog post!

If you have any concerns about your own GDPR policy, why not talk to us? Call us on 01858 414226, leave a comment below or click here to ping over an email, and let's see how we can help.

About Ellen Willoughby ...


I'm Ellen, Director of All About Quality and All About Productivity. I have over 20 years' experience as a professional in the quality world and 17 years as a practising Buddhist. As a result of this, I have a passion for improvement in both business and personal life.