What is GDPR?

In April 2016 the EU passed new regulations regarding the processing of personal information which comes into effect on 25th of May 2018. These changes will have a massive impact on all UK organisations. In the run-up to May we'll be posting further information regarding the GDPR and how we can help you prepare.

The General Data Protection Regulation (GDPR) is a new EU wide regulation coming into force from 25th May 2018, following a two-year transition period. The purpose of GDPR is to improve and align data protection for all individuals within the European Union (EU).

These changes will be written into UK law prior to the UK’s withdrawal from the EU, replacing the Data Protection Act of 1998, as indicated in the Queen’s Speech in July 2017.

The consequences of non-compliance are severe with fines of up to £20 million or 4% of a company’s global turnover from the previous financial year, whichever is higher. Fines are likely to be issued after a written warning of none-compliance and regular periodic data protection audits.

Key points

  • Consent  – offering individuals choice and control of what information and choices they are choosing. This means no more pre-ticked boxes or opt-in methods designed to confuse.
  • Right to be forgotten  – An individual has the right to obtain personal data concerning themselves without undue delay and can request its deletion.
  • Data breach  – All organisations will have a duty to report data breaches to the individuals affected as well as the relevant supervisory authority.

Key definitions

  • Controller  – determines the purposes and means of processing personal data, for an agency such as ourselves this is usually our clients.
  • Processor  – is responsible for processing personal data on behalf of a controller, for our clients this is usually Webnetism.
  • Personal data  – any information related to a person that can be used to identify a person. This includes, email address, name, mobile number and location, both digital and manual records.
  • Consent  – freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal data.

Useful information

Information Commissioner’s Office: Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now

European Commission: Reform of EU data protection rules

DMA: Webinars and updates

Full law text: General Protection Regulation (GDPR), as of 27th April 2016


Need help bringing your website up to speed with the GDPR?

Get in touch


Join the conversation


Find out more about how your personal data is used in our privacy policy.

Want to get in touch?

Then why don't you? Just click the button below and secure your place in our office chair (before you ask... yes, spinning is allowed)!

Get in touch

Let's contribute!

How about you help us a little and share this page with your friends? It’s just a click, we promise!

Get in touch