Well, it works for the Boy Scouts so it can work for GDPR. This post covers how you can prepare for GDPR.

Again, get a tea, grab a notebook and let’s get comfy.


Get organised for GDPR

Okay, I’ve got my notebook I’m ready!

Get organised

Now is the time to look at all the data you hold and where it is. Make a data audit for your business – use Excel, Word, whatever works but make sure it’s something you can access easily and add to when needed – also password protect this shizzle because this is vital information and you want to keep it safe. Go through all the areas where you collect data, what data you have, how you store it, how you got it and who you share it with.


Once you have this audit think about centralising all your vital data, so anything that is super important to the running of your business. Excel is good for this as again, you need to start introducing Password Protection into your life. I have read that they are making people think carefully about choosing any cloud based platforms to do this because they can be hacked.

Create a Privacy Policy & Terms and Conditions pages for your website

If you don’t have these already you NEED to get them on your website. The ICO have some great tips on writing a brilliant Privacy Policy page and you can find a number of resources online for Terms and Conditions too. If you are a member of any fab Facebook groups you may even find a legal super whizz that can give your pages a look to make sure you’re covering everything you need to.

Everyone has rights

Every person that interacts with your business has rights. Think about their rights and how you ensure these are protected. This can be included in the Privacy Policy where you say how you will use their data. Another example is a sign-up form on a website: make it clear how you will store their data and how you will contact them when they “opt in”. I am going to be delving more into email marketing specifically in the third instalment.

They might want to know stuff

All businesses will be affected by GDPR

Alright, if everyone is taking this GDPR business seriously then I better follow them.


Anyone has the right to ask you what information you hold on them, so think about how you would handle this: what you would provide, and how long it would take you to supply the information they need. You need to have a procedure in place to handle this type of request.

Age is just a number

It’s really important to think about the user behind the screen, and you should make sure you have systems in place to verify people’s ages and whether you need to get parental or guardian consent for any data. I bet CBeebies will be looking at this very strongly because of the apps that they have.

There’s been a breach

Plan in advance how you would handle a data breach. For example, maybe you email someone accidentally who had “opted out” of your list, or maybe they didn’t actually give you consent to sign them up in the first place: you just met at an exhibition one day, took their business card and added them on (naughty). Maybe your data list wasn’t password protected and you’ve been hacked at home and their data could be at risk. Think about how you would handle this IF it happened.

It is really important that you read up on the ICO’s code of practice and become familiar with their guidelines and advice.

Don't get fined with GDPR

“There’s been a breach? Where’s my legal department”



The next post is all about GDPR, email marketing and the changes to “consent”.