GDPR – Your quintessential last minute panic guide


What is it?

GDPR stands for the General Data Protection Regulation; which will replace the standards set within the Data Protection Act. This new regulation sets guidelines for the responsible use of personal data of EU Inhabitants, and seeks to empower individual rights where private data is collected and used.

When does it take effect?

The regulations were adopted on 27th April 2016, with a two year transitional period before the changes become enforceable. By the 25th April 2018, all companies who hold and use personal data must be compliant to avoid potential penalties.

What penalties are involved?

For major breaches, maximum fines can total €20 Million or 4% of annual global turnover, whichever is greater.

How will it affect the data I hold?

Assuming you want to avoid the penalties, conforming to GDPR will require you to review the type of information held about your customers. Essentially, you may only hold information which the data subjects have unambiguously consented to you using, for the explicit purposes they have agreed to.

The exception to this rule is where the data controller has a lawful basis for processing, such as to fulfil a service agreement or contract, or where data is collected for an express purpose – such as for gift-aid claims.

How will it affect my customers?

As with the Data Protection Act, GDPR gives your customers the right to access the information held about them, in addition to the purposes for which the information was collected. Your customers will also have the right to be forgotten, meaning that any data records held must have the potential for deletion or total anonymisation or pseudonymisation..

What will be the benefits of GDPR?

As a result to the extra controls put in place, GDPR stands to improve the quality and relevance of marketing information each of us receive on a daily basis, as well as protecting our private information from unlawful collection and processing.

Do you have any questions about becoming GDPR compliant within your Merlin systems? Feel free to call our team on 01226 294413