Is your business GDPR Ready?

Is your business GDPR Ready?

Whether you like it or not, there is a huge change coming with regards to how you operate your business. GDPR – General Data Protection Regulation is going to affect all business, from sole traders through to large corporations.
If you collect any data on customers or clients, you will need to address how that data is collected and stored.

These new regulations are really designed to stop the tech giants such as Google and Facebook from selling unauthorised data that they have collated about their users. Unfortunately though it will also affect a lot of other businesses.

What is classed as data?

Under the GDPR changes, the definition of private data includes internet browsing habits collected by website cookies, location data, other online identifiers and genetic data along with the normal things such as email address, phone numbers and bank details etc
If you do collect this data, consent needs to be explicit. The user/client/customer approve this data collection.
This also means that cold call email marketing is a big no no. Great news for most people, but not for business that rely on this advertising method.

So how do you make your business compliant?

Having a new privacy policy and asking users to read them at their leisure is not classed as consent. But there are a lot of simple changes that can make you, your website and your business compliant.

On your website, with your new/updated privacy policy, ensure that potential customers have to intentionally tick a box, and know what they are agreeing too prior to them sending enquiries.

Many business websites use cookies and analytics by default. Under GDPR, you’ll need to lead with explicit consent. This means asking users to opt-in for cookies (no more ‘by using this site you accept cookies’ notices), and ensuring any data is pre-emptively stripped of all personal identifiers before being sent to your analytics tool.

If you keep data on past clients – get rid

Going forward, everyone has the right to be forgotten and removed from any database you hold their information on.
It is now common practice for you to receive ‘unsubscribe’ links from any newsletters etc that you receive. GDPR expands this to include a right to erasure. In other words you have the right to be deleted and forgotten, not just unsubscribed.
As a business you are then required to confirm and delete their personal data, plus take steps to ensure any copies or backups containing their data are also treated.

What happens if you do lose data or there is a breach of your systems?

If you suspect there has been breach of your systems that has accessed clients data, you have 72 hours to report it. Not only will you have to report it to the relevant authorities but you will also have to inform the individuals whose data has been breached.
If you don’t do this or if your found to be non compliant, you can expect a penalty fine of up to 20 million Euros or or 4% of annual
turnover, whichever is greater.

GDPR comes into affect on the 25th May 2018, so if you haven’t already, you need to start making adjustments now.
Review your privacy policies, data collection and marketing methods. If needs be change them.

In the meantime if you are still confused about GDPR, feel free to get in touch with us. We can provide a free systems audit that will help identify any areas that could be venerable and can also supply you with the methods of correcting them.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active

Who we are

Our website address is:


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


We use cookies to retain user preferences and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.
Save settings
Cookies settings