With any new legislation there are always questions! As a training provider we have been helping our clients implement GDPR solutions and ensuring their businesses are operating within the new regulations. Here are some of the most frequently asked questions we receive. If you still have questions on any aspect of GDPR, please call or email us; we are happy to help.

What is data protection all about?

We live in a time when more and more information about us is being collected: information about our movements, likes, dislikes and friends. Data protection is about ensuring that, as individuals, we are adequately protected against anyone wanting to misuse our personal information or use it as a commodity to make money from, regardless of the impact on us as people.

What implications does this new regulation have for my business?

Every business now has a responsibility to comply with the new regulations, and those that do not take data protection seriously will potentially face fines.

I’m a sole trader, does data protection apply to me?

Yes, it applies to any business that collects and uses people's personal information.

I don’t think I hold any sensitive data, what sort of data do the new regulations cover?

Sensitive data includes information about a person's health, religious beliefs, political opinions, criminal convictions or ethnic origins. Most businesses will hold some of this information about their employees, so they will have to ensure that the business is meeting the additional security and processing requirements for this type of information.

I’ve registered, what do I do next?

Most businesses start with a Data Audit (making an inventory of personal information). You need to ensure that you are handling and processing personal information in line with the regulatory requirements. This means knowing what personal information you are processing, how it is being processed, ensuring the right levels of protection are in place and being able to provide evidence of your data protection practices. The General Data Protection Regulation has expanded the responsibilities of all businesses with regard to how they handle personal information.

I have a website and use social media, does any of the regulation impact on these things?

Yes, the new data regulations were brought in to cover these areas.

I use a mailing list to contact my customers, can I still do this under the new data protection regulations?

Yes. In fact, most of the fines to date have been around the misuse of mailing lists.

I outsource some of my work and admin, is this still OK under the new regulations?

Yes, but you have a greater obligation to ensure the adequacy requirements are being met.

Will I be visited by the Data Protection Officer to check I’m compliant?

The Data Protection Regulator has the right to come and check any time, although at the moment it is more likely to happen if they receive a complaint or have a reason to be concerned.

What would be classified as a breach?

Data breaches are all about the risk of harm or potential impact on the person or people whose data was compromised. A data breach can be anything from a person’s personal information being disclosed to an unauthorised person to their data being corrupted, or deleted and unrecoverable.

What would happen if I didn’t report the breach?

You could be at risk of a visit from the Regulator and/or a significant fine for non-compliance or poor data protection practices.

LET’S TALK…    call: +44 (0) 7839 111968    email:
