Your guide to the GDPR

Blog posts   •   Jan 19, 2018 12:43 GMT

The General Data Protection Regulation (GDPR) is the largest overhaul of European data protection in two decades and it comes into effect on 25th May 2018, just over four months from now. To put that into perspective, when the EU last made data protection law (the 1995 Data Protection Directive), Windows 95 was the newest Microsoft OS, dial-up speeds were in the 28.8 kbps to 33.6 kbps range and Hillary Clinton was still the First Lady. A lot changes in 20 years, especially in technology, so these regulatory changes are certainly overdue.

The GDPR, like the data protection law it replaces, applies to ‘data controllers’ and ‘data processors’. These may sound like robots, but your business will be one or both of them. The controller is the organisation or individual that decides why and how personal data is processed. The processor is an organisation or individual that processes the data on behalf of the controller, for example a payroll provider or a cloud host. A business can be a controller for some data (its own customer records) and a processor for other data (records it handles for a client).

The clock is ticking, but don’t panic. The date is 25th May 2018. You have just over four months to make sure that your company is GDPR compliant, and this guide aims to help you get there. Elizabeth Denham, the UK Information Commissioner, whose office (the ICO) enforces data protection law, describes the GDPR as “an evolution, not a revolution,” so there shouldn’t be anything in it that is too shocking to businesses.

What about Brexit?

As we have seen with the European Capital of Culture fiasco, anything involving EU law is going to be affected by Brexit. The UK’s Data Protection Act (DPA) 1998 implements the European Data Protection Directive of 1995, and our next Data Protection Act (currently the Data Protection Bill, still passing through the Houses of Parliament) is written to sit alongside the GDPR and fill in the details the Regulation leaves to member states.

Irrespective of whether the UK leaves the EU (which, at the moment, it seems set to do), businesses that control or process the personal data of people in the EU, or that offer goods or services to them, will have to follow the GDPR. If we leave the EU and your business only handles UK residents’ data, the GDPR will still reach you through the new Data Protection Act, which is very likely to mirror its rules.

So, what’s different about the GDPR?

Accountability: In light of several serious data breaches over the past few years at companies including Yahoo (in 2013 and 2014), JPMorgan Chase, Target and MySpace, the EU is cracking down on shoddy security around people’s data. Under the GDPR a personal data breach, meaning the “destruction, loss, alteration, unauthorised disclosure of, or access to” personal data, must be reported to the supervisory authority (the ICO in the UK) without undue delay and, where feasible, within 72 hours of your becoming aware of it, unless it is unlikely to result in a risk to the people concerned. Note that the clock starts when you become aware of the breach, not when you finish investigating it, and a notification made later than 72 hours has to be accompanied by the reasons for the delay.

Separately, if the breach is likely to result in a high risk to the people affected, you must also tell those individuals without undue delay, so that they can take steps to protect their finances and private lives. You must make sure your business has procedures in place to detect, contain and report a breach within these timescales, and that you keep a record of every breach, whether or not it turned out to be reportable.

Additionally, you must appoint a Data Protection Officer if you are a public authority, if your core activities involve “regular and systematic monitoring” of people on a large scale, or if you process special categories of data (such as health data) on a large scale. This need not be a new full-time hire: the DPO can be an existing member of staff or an external contractor, as long as they report to senior management and do not have other duties that conflict with the role.

The rights of individuals: Under the GDPR, individuals have stronger rights to access the data that companies hold on them. Under the current law, a public body or business can charge a £10 fee to answer a Subject Access Request.

Under the GDPR the fee is scrapped and Subject Access Requests must be handled free of charge (you can charge a reasonable fee, or refuse, only where a request is manifestly unfounded or excessive). If you are asked for the data that your company holds on an individual, you must provide it within one month, extendable by up to two further months for complex or numerous requests. You also have to be transparent about your data processing: your privacy notices must explain what you collect and why, and where you make decisions about people solely by automated means you must tell them and explain the logic involved.

In some cases (for example where the data was processed unlawfully, where the individual withdraws the consent it was collected under, or where it is no longer needed for the purpose it was collected for) the GDPR also gives individuals the right to erasure, the so-called “right to be forgotten”.

New fines: If you have skim-read this article up to now, the word ‘fines’ should make you take notice. There will be two levels of fines under the GDPR. The lower level is up to €10 million or 2% of your global annual turnover for the previous financial year, whichever is higher, and covers failings such as inadequate security or not reporting a breach. The upper level is up to €20 million or 4% of your global annual turnover for the previous financial year, again whichever is higher, and covers breaches of the basic principles, of individuals’ rights and of the rules on international transfers.

Compared with the current system this is an enormous increase. Under the DPA 1998 the maximum penalty the ICO can impose is £500,000. At current exchange rates €20 million is roughly 35 times that, and for a large company 4% of global turnover can be far higher still.

What do you need to do?

Luckily, the ICO has compiled a handy checklist, “Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now”. To calm your nerves slightly after the section on fines, its introduction says: “Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from.”

The 12 steps boil down to:

- Make sure decision-makers and key people in your company are aware that the law is changing and what it will mean for them.

- Document the personal data you hold, where it came from and who you share it with.

- Review your privacy notices and plan any changes needed to meet the GDPR’s transparency requirements.

- Check your procedures cover all the rights individuals have, including how you would delete data or provide it electronically.

- Plan how you will handle subject access requests within the new one-month limit.

- Identify and document the lawful basis for each type of processing you do.

- Review how you seek, record and manage consent, and refresh it if it does not meet the GDPR standard.

- Think about whether you need to verify ages and obtain parental consent when processing children’s data.

- Ensure you have procedures to detect, report and investigate a personal data breach.

- Familiarise yourself with the ICO’s code of practice on Privacy Impact Assessments and work out when a Data Protection Impact Assessment will be required.

- Designate someone to take responsibility for data protection compliance, and appoint a Data Protection Officer if the GDPR requires one.

- If you operate in more than one EU member state, work out which data protection supervisory authority is your lead authority.

Conclusion: evolution, not revolution

Bottom line: don’t worry. As Elizabeth Denham, the UK Information Commissioner, said, this is an evolution, not a revolution. If you are already following the principles of the DPA 1998 you should find it straightforward to adapt to the GDPR. Document management and data storage companies can help; just keep in mind what has changed and make sure everyone in the company is up to date on how it affects their role. Don’t leave yourself open to those eye-watering fines.


Go Paperless in 2015 & Save Office Space

Blog posts   •   Jan 19, 2015 15:30 GMT

We are fast approaching the end of January, the first month of the New Year, a month full of healthy eating and New Year’s resolutions at home. At work, businesses may also be hoping to make a fresh start to 2015, becoming more efficient, saving money and increasing productivity. There are many things companies can do to improve their business processes, and scanning and archiving old paperwork to free up office floor space should be one of them.

Digitisation of documents can help save floor space.

Office space is a valuable commodity and businesses should make the most of the space they have. Replacing old, bulky filing cabinets with digitised copies of your company paperwork is a fantastic way of freeing up that space.

Digitised copies are easier to store, easier to back up and easier to search. Staff save time locating important documents on a computer rather than flipping through files in a cabinet, and digital documents are much easier to distribute and share among co-workers.

Digital storage also provides far better protection from disasters such as flooding or fire, provided the scanned documents are backed up to a second location rather than kept on a single drive in the same office. Storing them in the “cloud” goes a step further, making them available from anywhere at any time, night or day, although that convenience means access must be limited to the people who need it, with strong authentication and, for sensitive records, encryption.

A few things to consider…

  • How much does office space cost?
  • How many archive boxes and filing cabinets do you have at present?
  • How many extra desks or work stations could you fit into your office if you archive your documents?
  • Would it be possible to downsize your office if you went paperless, saving money?
  • What percentage of time is spent searching through filing cabinets for specific documents?
  • How secure is your paper-based archive? Who has access to it, and is that access recorded anywhere?

Here is a useful fact: the contents of 28 filing cabinets, or around 247,500 paper documents, will fit onto a single DVD, freeing up about 24 square feet of office space.

Scanning these documents in house would take a very long time and would be counterproductive, so it is common practice to outsource this type of work to a document scanning company.

Find out more about scanning bureaus below.

How can a scanning bureau help?

Scanning bureaus take the headache out of document scanning. They are equipped with state-of-the-art scanning equipment that quickly and efficiently scans huge batches of documents in one go. Once a batch has been scanned, the images are saved digitally and indexed so that you can quickly locate any document.

Data such as invoice numbers, supplier names or dates can be extracted automatically with OCR and data-capture software, saving you time on manual data entry and improving the accuracy of your business information. This is most commonly used for financial documentation such as invoices or claims.

Digital versions of your documents can be stored in the “cloud”, allowing you to access them from any location, or in document management software for fast and efficient retrieval, distribution and access control.

Finally, a document scanning bureau can also act as your “mailroom”, taking your business post and digitising the paperwork upon arrival.


About The Web Design Group

Digital Marketing Agency in Derbyshire.

The Web Design Group is a multi-discipline digital agency based in Derbyshire. We specialise in eCommerce web development, pay-per-click advertising and SEO.

The Web Design Group is a Sage Pay Partner, a PayPal Partner and a Google Partner Agency for AdWords. We are also Bing Ads accredited and a BrightPearl partner.

Our eCommerce websites are built on the industry leading Magento eCommerce.


  • The Web Design Group
  • Office 28 & 29
  • NG6 0JU Nottingham
  • United Kingdom