Data Protection Update — Winter is upon us.

Saul Gowens
Apr 24, 2016 · 4 min read

Data Protection Update / 29th March 2017

You’ve probably received an invite to a seminar from a professional services firm to explain the legalities behind GDPR. By GDPR we mean data protection changes.

Since Websand helps marketers create ‘data driven marketing’ we’ve been following this closely and making sure our platform helps make our users ‘future proofed’.

Now that the conscious uncoupling between the UK and the EU has begun, the GDPR will begin to take shape, moving from a regulation to law.

Brexit is irrelevant to this. The UK will still be part of the EU when it becomes a legal requirement, and it’s going to be a ‘standard’ for doing business anyway.

And, it’s also a great excuse to put some ‘best practice’ in place and improve your business.

A date of 25 May 2018 has been mentioned, so that’s only one Christmas away. If you are a digital marketer or if your business collects customer data (pretty much everyone then), please take some time to read these posts, as you’ll need to get prepared.

If you need help, please get in touch.

Now back to the main event… winter is coming.

Data Protection Update aka GDPR — what does that mean?

Strange that every update I’ve written about the EU Data Protection update (now known as GDPR) seems to be linked to Game Of Thrones. The correlation continues, as in the week the EU Data Protection update (GDPR) was agreed, guess what… Game Of Thrones began a new season (season six if you were wondering).

What’s more, the new Data Protection update (GDPR) will take two years to come into effect. Game of Thrones has two more seasons. So when Game of Thrones ends, the EU Data Protection Regulations will come into force. As I said in the first blog post, winter is coming, and in two years’ time it will arrive (for both marketers and most likely in Game Of Thrones).

So down to business…

What does the EU Data Protection Update (GDPR) mean for You

The General Data Protection Regulations (GDPR) are a game changer. You need to know the details and you need to act on the details.

The changes affect the following areas.

  1. How you collect data
  2. Your Privacy Policy
  3. How you use the data you collect
  4. Your bottom line — if you get this wrong, you will be fined and that could mean a lot of money.

It’s a complex subject, so we are going to address this piece by piece, and in the spirit of the (GDPR) data protection regulations we are going to do our best to use simple English so it’s easy to understand.

This post focuses on data collection points 1 and 2.

Click here to read about managing your data and the impacts of non-compliance

Collecting data from people.

Let’s start at the beginning — the point you collect data from ANYONE! That’s B2B and B2C.

You need to make sure that you are communicating the following information to the person you are collecting the data from.

  • Your contact details and the details of your data protection officer (yes, you will probably need one of those).
  • Why you are collecting this data from the person, i.e. what you are going to do with the data.
  • If the data is going to be used by a third party, who will receive or use the data.
  • Make sure that the person knows of their rights to erase or amend their data.
  • Make sure they know how long you are going to keep the data for.
  • If you need to collect the data as a part of what you do — i.e. they can’t use your service without this information — you need to be clear about this, and why it’s important.
  • Make sure you get consent from the person, and make sure they know how they can remove their consent.
  • If you are profiling, you need to make sure people are aware that the data they are providing will be used for this purpose.
  • Show them the route to complain about any data processing issue.
  • And finally, if you change any reasons related to how you use and collect data you need to make sure everyone knows.

OK, that’s a long list and I’ve tried to use simple and clear English. You will have to do the same when you communicate this.

Your Privacy Policy

The data protection update means that the days of a 50-page privacy policy are numbered. Clear English is a mandatory requirement. It’s now your duty to show everyone your intentions with the data you collect. Clarity and transparency are key.


  • Use a big font.
  • Use clear English, avoid legalese.
  • Make sure the most important details are at the top — (who you are, and what you will use the data for)
  • If you need to go into lots of detail — use a summary and hyperlink this to a more detailed page.
  • Once you’ve changed your Privacy Policy, make sure you get someone outside of your business to take a read and make sure it is as clear as possible.
  • Things change, so review your Privacy Policy regularly to make sure everything is in line with your business activities

Do you need a data protection officer?

If you are dealing with a lot of data, e.g. an e-commerce business, then yes. It’s likely you will need to appoint a data protection officer for your business, irrespective of the size of your business.

So that’s the starting point. More detailed information can be found on the excellent DMA GDPR microsite and also on the Information Commissioner website (they will soon be sitting on the Iron Throne).

Please share this with your peers and let us know your thoughts and questions.

Originally published at Websand.

Written by Saul Gowens

Founder of Websand. Helping make email marketing and marketing automation easier. Wanna know a secret? It’s all about your data.
