GDPR made easy

We have had many people approach us asking what GDPR is and what difference it makes to them. We hope this plain-language explanation of GDPR helps you understand the important things to take away from the new regulation.

Understand GDPR by breaking it down into the 3 C’s and 1 K!

Consent

Making sure you have permission…

1. Ask your customers for consent to receive communications. This must be a positive “opt-in”: a pre-ticked box, silence or an assumed ‘yes’ does not count.

2. Ask your customers for consent to use photographs. Be clear about where these will be distributed. State whether this will be purely on social media, or also in your own promotional material such as adverts and banners.

3. At a group event, one customer’s consent does not cover the other people who appear in the photographs. Tell your customer that a photographer will be present and that photographs will be published, ask them to pass this on to family and friends, and make sure anyone attending has a clear way to object on the day.

4. You must have consent if you are sharing or selling data to third-party companies or organisations. If you are passing an enquiry containing personal information to a friend, get the client’s permission first.

Communicate

Making sure you say the right thing to the right people in the right place…

1. Only send marketing communications to individuals who have agreed to receive them.

2. You may reply to an individual who has made an enquiry under the “legitimate interests” lawful basis. This covers answering the enquiry; it does not mean you can add them to a marketing list without asking.

3. Only communicate by the method the individual has agreed to, e.g. phone only or email only. (This only applies if they have been asked.)

4. Communicate your policies, procedures and terms & conditions to your clients clearly. If you have a website, a privacy policy is a must-have page.

Keep / Don’t Keep

Making sure you are keeping the right information and deleting information when required …

1. Keep a record of consent for each use of data (subscribing to a newsletter, using photographs): what was agreed, how, and when.

2. Only keep an individual’s data for an appropriate period of time. There is no legally set period. We recommend deleting the data of individuals you have had no contact with for 3 years.

3. You may keep certain data for longer if you (a) have consent to do so or (b) have a genuine reason to (e.g. prevention of fraud). Write that reason down.

4. Do not keep data that has expired past your retention policy.

5. Do not keep data if you have been asked to delete it.

6. Keep your data safe and ensure it is protected from reaching the wrong hands.
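The consent and retention rules above are easy to state and easy to get wrong in practice, so here is a small worked example of them as a data-handling routine. This is an added example written for this page, not the author’s own tooling or any particular product; the record layout, the field names, the 3-year period and the sample contacts are all constructed assumptions. It records consent only for a positive opt-in, checks consent per purpose and per channel before contacting someone, and runs a retention sweep that deletes stale records unless there is an erasure request (deleted immediately), a recorded genuine reason to keep them, or explicit consent to keep them longer.

```python
"""Consent record and retention sweep (illustrative, constructed example).

Assumptions: one record per individual, a 3-year no-contact retention limit
(the suggestion in the post), and a free-text 'legal_hold' field that holds
the genuine reason (e.g. fraud prevention) for keeping data longer.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# The post's suggested rule: delete data after 3 years with no contact.
RETENTION_PERIOD = timedelta(days=3 * 365)
# Fixed "today" so the sample sweep is reproducible (assumption for the demo).
DEMO_NOW = datetime(2021, 7, 1, tzinfo=timezone.utc)


@dataclass
class Contact:
    """One individual's record. The fields are illustrative, not a real schema."""
    email: str
    last_contact: datetime
    # purpose -> set of channels explicitly opted in to, e.g. {"newsletter": {"email"}}
    consents: dict = field(default_factory=dict)
    # evidence trail: (purpose, channel, source or "withdrawn", timestamp)
    consent_log: list = field(default_factory=list)
    erasure_requested: bool = False
    legal_hold: Optional[str] = None  # genuine reason to keep longer, or None


def record_consent(contact, purpose, channel, source, when, opted_in):
    """Record consent only for a positive opt-in; a pre-ticked box or silence is not consent."""
    if not opted_in:
        raise ValueError(f"{contact.email}: {purpose}/{channel} was not a positive opt-in")
    contact.consents.setdefault(purpose, set()).add(channel)
    contact.consent_log.append((purpose, channel, source, when))


def withdraw_consent(contact, purpose, channel, when):
    """Remove a channel from a purpose and keep the withdrawal in the evidence trail."""
    contact.consents.get(purpose, set()).discard(channel)
    contact.consent_log.append((purpose, channel, "withdrawn", when))


def may_contact(contact, purpose, channel):
    """True only if the person opted in to this purpose over this channel and has not withdrawn."""
    return channel in contact.consents.get(purpose, set())


def retention_sweep(contacts, now):
    """Split records into (keep, delete), where delete is a list of (email, reason).

    Delete immediately on an erasure request. Otherwise delete when the record is past
    the retention period and there is neither a legal hold nor consent to keep it longer.
    """
    keep, delete = [], []
    for c in contacts:
        stale = now - c.last_contact > RETENTION_PERIOD
        if c.erasure_requested:
            delete.append((c.email, "erasure requested"))
        elif stale and c.legal_hold is None and not may_contact(c, "extended_retention", "any"):
            delete.append((c.email, "no contact within retention period"))
        else:
            keep.append(c.email)
    return keep, delete


def sample_contacts():
    """Constructed sample data (not real people)."""
    signup = datetime(2018, 5, 25, tzinfo=timezone.utc)
    alice = Contact("alice@example.com", last_contact=datetime(2021, 1, 10, tzinfo=timezone.utc))
    record_consent(alice, "newsletter", "email", "web signup form", signup, opted_in=True)
    bob = Contact("bob@example.com", last_contact=datetime(2015, 3, 1, tzinfo=timezone.utc))
    carol = Contact("carol@example.com", last_contact=datetime(2015, 3, 1, tzinfo=timezone.utc),
                    legal_hold="fraud investigation opened 2016")
    dave = Contact("dave@example.com", last_contact=datetime(2021, 6, 1, tzinfo=timezone.utc),
                   erasure_requested=True)
    return [alice, bob, carol, dave]


def presumed_consent_is_rejected():
    """Shows that a pre-ticked box (opted_in=False) is never recorded as consent."""
    eve = Contact("eve@example.com", last_contact=DEMO_NOW)
    try:
        record_consent(eve, "newsletter", "email", "pre-ticked box", DEMO_NOW, opted_in=False)
    except ValueError:
        return not may_contact(eve, "newsletter", "email") and eve.consent_log == []
    return False


if __name__ == "__main__":
    kept, deleted = retention_sweep(sample_contacts(), DEMO_NOW)
    print("keep:", kept)
    print("delete:", deleted)
```

Running the sweep on the sample data keeps Alice (recent contact) and Carol (legal hold), and deletes Bob (six years with no contact) and Dave (erasure request, regardless of how recent the contact was). The per-channel check is what item 3 under “Communicate” asks for: Alice opted in to email, so `may_contact(alice, "newsletter", "phone")` is false even though she is a consenting subscriber.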


Comply

Abiding by the law…

1. You are legally responsible for disclosing a customer’s data if they request it (a Subject Access Request). You normally have one month to respond.

2. You are legally responsible for ensuring you only work with GDPR-compliant third-party companies, and for having a written contract with any company that processes data on your behalf.

3. You are legally responsible for reporting a personal data breach. Where the breach puts people at risk, it must be reported to the supervisory authority (the ICO in the UK) within 72 hours of becoming aware of it, and the affected individuals must be told where the risk to them is high.

Here are some other C’s that might help…

Be clear – Make sure you communicate in a way that is easy to understand
Be concise – Be specific when you communicate
Be careful – Be protective of other people’s data
Be considerate – Don’t annoy or spam people who don’t want to be contacted
Be cautious – Document your actions to protect yourself

Your questions here

If you have a question about GDPR, contact us and we will post the answer on here for everyone else to see!
