Seven steps to being GDPR ready

It’s one of the hottest business topics of 2018.

GDPR (or the General Data Protection Regulation to give it its official title) is the biggest change to data to happen in the past few decades.

In essence, GDPR is being implemented – and will come into effect automatically on May 25 – with the aim of protecting an individual’s data.

The EU’s official statement is as follows: “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time the 1995 directive was established.”

It’s a huge change for all businesses  and if you fail to adhere with GDPR you could land up with a fine of up to four per cent of your annual turnover.

In terms of marketing, processes will have to be implemented and adhered to, everyone will have to be involved.

Without trawling through the thousands of pages of official regulatory paperwork, here’s our tips on being GDPR ready:

Be aware

Make the reforms known to key people in your business, those with decision-making powers and tell your staff about the implications of GDPR.

Carry out an audit

Carry out an audit of the documents you hold which have personal data, the source of the data and how you share it and intend to share it.

Remember individual rights

GDPR will give enhanced rights to individuals having access to their info, having info erased, prevent direct marketing and data portability. Companies should ensure procedures and policies are in place for these rights.

Make it someone’s responsibility

Although not compulsory for SMEs, everyone should be aware of the change of GDPR so all staff should be responsible when it comes to data. Larger businesses should be putting a Data Protection Officer in place.

Take care with consent

All businesses should set up a process on how they obtain consent to information they receive before it is used.

Under 16s

Due to the complexity of GDPR and its aim to protect all individuals, you should be creating new practices for verifying the age of children and obtaining parental or guardian consent when processing the data of under 16s.

Beware the breaches

Businesses need to ensure procedures are in place to detect, investigate and report any data breaches. Failure to do this could result in a significant fine.

The above steps are the essential steps to having your business ready for GDPR, for more information on how to make sure everything is in place, visit the official website at

Be ready for GDPR, time is running out.

Nick Hyde is PR & Content Manager at Happy Creative, a full-service marketing and creative agency based in Blackpool, Lancashire.

01253 446 933

What would make you happy today?