The facts in plain language


The GDPR is the EU's new General Data Protection Regulation. Its official title is Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR). It was proposed by the European Commission and adopted by the European Parliament and the Council of the European Union, it applies to everyone in the EU, and it isn't affected by Brexit. The GDPR will:

  • Strengthen people's rights over their personal data
  • Require better security for the personal data you hold
  • Increase supervision and sanctions around the misuse of consumer data

The GDPR was adopted in 2016 and applies from 25 May 2018.


Whatever size of business you run, you will almost certainly keep personal data about your customers and prospects. It might be as simple as an electronic list of email addresses or as complex as a full Customer Relationship Management (CRM) system. The rules also cover old-school paper files, as long as they are organised so that a person's details can be found. To keep things simple: if you run a business, it's safe to assume you fall under the GDPR.

It's set to affect all sorts of IT systems. Post-GDPR, for example, you need a lawful basis before you email anyone, B2B or B2C, and for marketing that will usually mean their consent, their opt-in. There's no distinction between personal and business email addresses: a named person's work address is still personal data. It's up to you to prove you have someone's consent, which means you need a clear audit trail complete with a time stamp, recording what the person opted into, how they did it, and where the evidence came from.
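One way to keep the audit trail the paragraph above asks for. This is an added example, not code from the original page or from the firm behind it: an append-only consent log where each entry carries a UTC time stamp, who opted in, to what, how, and where the evidence lives, and is chained to the previous entry by hash so that a later edit to the record is detectable. The record layout, the purpose names and the sample events are assumptions made for illustration.

```python
"""Consent audit trail as an append-only, hash-chained log.

Added example, not code from the original page. The record layout, the
purpose names and the sample events are assumptions chosen to illustrate
the time-stamped trail the page describes: who opted in, to what, how, and
where the evidence came from, plus any later withdrawal.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value used for the very first entry


def _digest(prev_hash: str, record: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so a record always hashes the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class ConsentLog:
    """Each entry links to the previous one by hash, so a silent edit is detectable."""

    def __init__(self):
        self.entries = []  # each item: {"record": dict, "prev": str, "hash": str}

    def append(self, email, purpose, action, method, source, when=None):
        if action not in ("opt_in", "withdraw"):
            raise ValueError("action must be 'opt_in' or 'withdraw'")
        when = when or datetime.now(timezone.utc)
        record = {
            "timestamp": when.isoformat(),   # when: UTC, ISO 8601
            "email": email.strip().lower(),  # who: normalised so later lookups match
            "purpose": purpose,              # what they opted into, e.g. "marketing"
            "action": action,                # opt_in or withdraw
            "method": method,                # how: "web form", "paper form", "phone"
            "source": source,                # where the evidence is: form URL, document reference
        }
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"record": record, "prev": prev, "hash": _digest(prev, record)}
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> bool:
        """Recompute the chain. An edited or reordered entry, or one removed from the
        middle, breaks it; guarding against truncation of the tail needs the latest
        hash to be stored somewhere else as well."""
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

    def has_consent(self, email, purpose) -> bool:
        """The most recent record for (email, purpose) wins; no record means no consent."""
        state = False
        for entry in self.entries:
            r = entry["record"]
            if r["email"] == email.strip().lower() and r["purpose"] == purpose:
                state = r["action"] == "opt_in"
        return state

    def evidence(self, email, purpose):
        """Every record for (email, purpose), in order: what you produce to show consent."""
        key = email.strip().lower()
        return [e["record"] for e in self.entries
                if e["record"]["email"] == key and e["record"]["purpose"] == purpose]


if __name__ == "__main__":
    log = ConsentLog()
    log.append("A.Person@example.com", "marketing", "opt_in", "web form",
               "https://example.com/newsletter")  # constructed sample event
    print(log.has_consent("a.person@example.com", "marketing"), log.verify())
```

A withdrawal is recorded as a new entry rather than by deleting the opt-in, so the trail shows both that consent existed and when it ended. The chain only proves integrity of what is in the log; to rely on it, the log itself still needs to be write-restricted and backed up like any other personal data.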

Can your IT system do that for you? Can it handle the impact on HR records and every other list of people’s details you keep?


If you store personal data electronically, whether you use it for internal purposes, marketing, communications or sales, you have to comply with the GDPR, and your IT systems have to support that compliance. You want the transition to be smooth, trouble-free and secure, and you want everything to work correctly from day one.


We aren't GDPR consultants. We're Information Technology professionals. But we're very aware of the IT implications of the Regulation. We know what IT systems must do to support business-wide GDPR-compliant protocols, processes and procedures. With our help, creating that essential IT structure is easier, faster, more robust and better future-proofed. With fines of up to €20 million or 4% of worldwide annual turnover in the offing for getting things wrong, it makes a lot of sense.


Here are some detailed plain language posts about the GDPR:


  • If you operate B2B, the difference is profound. If you're B2C, it's smaller but just as important.
  • A breach could be the loss of a laptop, a disgruntled ex-employee, an accidental email cc'd to the wrong people, or a deliberate attempt by outsiders to attack your data or the systems that hold it.
  • No, but there are steps you can take that will help you demonstrate compliance and protect your business against fines when a breach does occur.
  • No, the GDPR goes further than the basic requirements of the DPA and now includes "online identifiers". These include cookies and potentially even IP addresses if they can be used to identify a Data Subject, so you will need to consider which of your systems collect this data as well.
  • You will need to find out where the Cloud service is located and where it stores and processes your personal data. If that is outside the EU, you may need to move to a service hosted within the EU (or in a country covered by an EU adequacy decision) so that you can meet your GDPR obligations.
  • Make sure personal data is encrypted where possible. Review permissions on your applications and files so that your staff only have access to what they need. Make sure your IT staff (or provider) do the same. Set up regular (at least annual) reviews of permissions so that things don't slip.
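What the permissions review in the last point looks like in practice. This is an added example, not code from the original page or from the firm behind it: a script that walks a folder of personal data, reports every file or directory that users other than the owner can read or write, and tightens what it finds. It assumes a POSIX filesystem, and the sample tree it builds (an `hr` folder and a `shared` folder with two small CSV files) is constructed for illustration.

```python
"""Least-privilege review for a folder of personal data.

Added example, not code from the original page. It walks a directory tree and
reports every file or folder that users other than the owner can read or
write, the kind of drift a regular permissions review is meant to catch, then
tightens what it finds. Assumes a POSIX filesystem; the sample tree and its
contents are constructed for illustration.
"""
import os
import shutil
import stat
import tempfile

GROUP_OR_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH
OTHER_READ = stat.S_IROTH


def audit_permissions(root):
    """Return (path, octal mode, [problems]) for each entry below root that is too open."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode is meaningless; its target is audited where it lives
            mode = stat.S_IMODE(st.st_mode)
            problems = []
            if mode & GROUP_OR_OTHER_WRITE:
                problems.append("writable by group or others")
            if mode & OTHER_READ:
                problems.append("readable by everyone")
            if problems:
                findings.append((path, oct(mode), problems))
    return findings


def tighten(path):
    """Owner-only access: 0o700 for directories, 0o600 for files."""
    os.chmod(path, 0o700 if os.path.isdir(path) else 0o600)


def build_sample(root):
    """Construct a small tree with one well-kept folder and one that has drifted."""
    hr, shared = os.path.join(root, "hr"), os.path.join(root, "shared")
    os.makedirs(hr)
    os.makedirs(shared)
    for p in (os.path.join(hr, "payroll.csv"), os.path.join(shared, "customers.csv")):
        with open(p, "w") as f:
            f.write("name,email\nA. Person,a.person@example.com\n")  # constructed sample data
    os.chmod(hr, 0o700)
    os.chmod(os.path.join(hr, "payroll.csv"), 0o600)        # owner only: fine
    os.chmod(shared, 0o777)                                 # anyone can add or delete files: bad
    os.chmod(os.path.join(shared, "customers.csv"), 0o644)  # anyone can read the list: bad


def run_review():
    """Audit a constructed tree, fix what is found, audit again; returns (before, after)."""
    root = tempfile.mkdtemp(prefix="gdpr-review-")
    try:
        build_sample(root)
        before = audit_permissions(root)
        for path, _, _ in before:
            tighten(path)
        after = audit_permissions(root)
        return sorted(os.path.relpath(p, root) for p, _, _ in before), after
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    before, after = run_review()
    print("too open before review:", before)
    print("too open after review:", after)
```

Group-readable files are deliberately not flagged, because a group is the normal way to give only the staff who need a folder access to it; what the script hunts for is access granted to everyone, or write access granted beyond the owner. On a real system you would run `audit_permissions` against the live data folders and review the findings before applying `tighten`, since some of them may be deliberate.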