You might have heard a lot about GDPR in recent months. It may have left you thinking what does this have to with me and my business? We can help.

The basics

The General Data Protection Regulation will come into force, 25th May 2018 and organisations will have to comply. GDPR applies to any ‘personal data’ you may hold about, not just your customers, but your employees too. GDPR also refers to ‘sensitive personal data’ such as information on an individual’s criminal record, medical history, ethnic/racial origin or political preferences. The release of sensitive personal data could have a much larger impact on an individual as opposed to, for example, just their email address being compromised.

In simple terms, you must give your customers transparency as to what information you hold on them and in doing so hand back the control to them. For example, you cannot use pre-ticked boxes or any other method of default consent. Customers will have to action this themselves under the new regulations. You have to make it explicitly clear to the customer why you would like to hold certain data and what you intend to use it for. Wording and grammar should not be misleading or deceptive.

The ICO (Information Commissioner’s Office) provide a handy checklist as a guide to helping you; ask, record and manage consent.

What happens if a data breach occurs?

Under the new regulations, you will now have a duty to report any data breaches to the relevant supervisory authority. This must be done within 72 hours, when possible. The first step is to establish the severity of the data breach and the impact it may have on an individual. If you decide that the breach will have very little impact, then it does not have to be reported but this decision has to be justifiable.

We can help

At Copper Bay Creative, our experts can offer advice on GDPR and data protection concerns.
To arrange a free initial consultation, call us on 01792 293366 or drop us an email at

Please note: we do not offer legal advice on GDPR.