top of page

(General Data Protection Regulations)

GDPR - what is it and where to start?


GDPR is here and has been in operation since 25th May 2018.  If you have not done so already, businesses whatever your size need to start implementing it now or incur financial penalties.  Here is a user friendly guide, with links to the ICO website to provide you with that you need to know  about GDPR.  


What is it? GDPR (General DATA Protection Regulation) 

  • Enhanced personal privacy – more rights for your customer or visitor.

  • Businesses will have to have more defined processes in place for dealing with data.

  • You, as business owners or managers must be more transparent as to why and how you use personal data.

  • All your staff need to be up to speed on the new regulations.

  • Financial penalties can be imposed for breaches


How does it affect my business?


If your business collects or stores any type of personal data from people (including staff) in the EU – you will need to comply with GDPR. This could include email addresses, names, contact details, addresses etc.


If you don’t comply – there can be financial penalties.


However, there are some positives – being compliant shows your customers that you are a trustworthy business that respects their privacy and personal information.

What do I need to do?


  1. Audit - Take stock of what information you have already, where it is stored, and what processes you have for data protection already. Who is responsible for data protection in your business?

  2. Simplify - Do you need all of the information you collect? –Why collect someone’s date of birth if you never segment marketing by age or offer a birthday discount? Could you store it all in one place? This makes it easier to fully delete information once it is no longer needed.

  3. Protect - Ensure passwords and protection are in place – Password protect documents and databases which hold personal data. Ensure that the password for this is kept elsewhere. If sending a document via email, send the password in a different method e.g. text or in person.

  4. Communicate - Let your customers know why you are collecting their data, and what you will do with it.


How do I start? Below are some links to the Information Commissioner's Office that provide a number of resources that can help you, your staff and your business get ready for GDPR. 

Guide to the General Data Protection Regulation (GDPR)

GDPR - 12 Steps to Take Now!

Data Protection Self Assessment Toolkit

Making data protection your business

ICO E-Newsletter monthly e-newsletter service (latest developments in data protection and Freedom of Information)

The BID has its own Data Protection & GDPR policies.  These can be located in the BID Documents page

bottom of page