
General Data Protection Regulations GDPR

Last updated August 2, 2017

GDPR is the General Data Protection Regulations, which are replacing the Data Protection Act. It's all about protecting your clients' data.

Here is a quick list covering the key points of GDPR to help you get started.

GDPR - The Essentials

When: Comes into force on 25 May 2018

Why: To improve trust in a digital economy by making those who hold your data accountable for keeping it safe

What: GDPR is the new EU privacy law and it will protect 750 million EU citizens' personal data

Where: It applies worldwide to any company / organisation holding personal data on EU citizens

Who: Controllers (nominated person) and processors of EU citizen data must abide by GDPR, regardless of where they are based. Processors now have a much higher duty of care than under the UK Data Protection Act 1998

How: Standardised rules apply for everyone. Huge fines for non-compliance.

GDPR - The Detail

  1. Tougher fines for non-compliance and breaches. The penalty is 4% of annual worldwide revenue or 20 million euro, whichever is bigger.
  2. Returns control to the data owner, i.e. the customer or member:
    1. How data is used, processed and stored
    2. What data is used and for what purpose
    3. What is collected and how – what’s personal?
  3. People will have the right:
    1. to access any information an organisation holds about them
    2. to know why that data is being processed
    3. to know how long it's stored for
    4. to know how the organisation processes it
    5. to ask for incorrect data to be rectified
    6. to insist on the right to be forgotten, i.e. to ask for it to be deleted if no longer used.
  4. Controllers must ensure data is processed lawfully, transparently and for a specific purpose. It’s lawful:
    1. If the subject has consented
    2. To comply with a contract or legal obligation
    3. To protect an interest that is ‘essential for the life of’
    4. If processing in the public interest
    5. If it’s in the controller's legitimate interest, i.e. preventing a fraud
  5. Consent must be an active, affirmative action by the data subject. Opt-out will not be allowed.
  6. The new definition of personal data is much wider and includes such things as IP addresses.
  7. The organisation is responsible for reporting a breach within 72 hours to the Information Commissioner:
    1. Outline the nature of the breach and the type of data affected
    2. Assess (roughly) how many people will be impacted
    3. What the consequences of the breach might be for the subjects
    4. Measures taken and/or planned in response.
  8. It will replace the Data Protection Act 1998 even though we’re leaving the EU.
  9. If you process or hold data you must appoint a data protection monitor.
  10. Start preparing now.

Shirley Mansfield
Master Business Problem Solver

When you’re ready here are three ways I can help you build your business:

1. Follow me on X / LinkedIn and let me know the business challenges keeping you awake at night that you want to solve. Click here to email. Connect with me, The Business Planning Coach on Facebook and Instagram.

2. Grab a copy of my book The Grown-Up Business (paperback and Kindle). Get the tools and inspiration you need to go to the next level of wealth.

3. Work with me on your growth business to overcome the blockages, hurdles & problems that are holding you back. Join the community, email me with Let’s Get Started in the subject line or book a 30 Discovery Meeting using Calendly


“If you run a business, then buy this book. Not tomorrow, today!”
~ Sam Carpenter Work The System

© 2024 CoachSME and Shirley Mansfield
