GDPR - General Data Protection Regulation

What is GDPR
Articles and Insights
GDPR Training
Contact us

What is GDPR?

The General Data Protection Regulation (GDPR) is now in force. GDPR replaces the UK Data Protection Act 1998 and applies to both 'controllers' and 'processors', and is inclusive of organisations operating within the EU, as well as those offering goods or services to individuals in the EU. The enforcement and obligations of GDPR will not be impacted by the UK's exit of the European Union in March 2019.

CIM is committed to enabling marketers and their organisations to correctly handle consumer data creating a marketing advantage for the benefit of professionals, business and society.

Who does GDPR affect?

Whilst GDPR affects everyone within an organisation, marketers are particularly well placed to ensure GDPR compliance throughout their business. With a superior knowledge of the customer, marketers are able to enter into a dialogue with consumers regarding the changes GDPR will enforce, and understand what customers are willing to tolerate.

Who regulates GDPR?

The Information Commissioner’s Office (ICO) is the regulatory body for GDPR. Their latest advice and guidance can be found here.

What are the fines for non-compliance?

Organisations who are found to be in breach of GDPR after 25 May 2018 can be fined up to 4% of annual global turnover or €20 million, whichever amount is larger. This is the maximum fine possible for the most serious infringements, such as not having obtained customer consent to process data. However, the fines are tiered based on the level of severity of the data breach.

What does it mean for SMEs?

Under GDPR, all businesses are required to gain consent for all data collected from individuals, as well as provide clear and comprehensive privacy notices to help these individuals understand how their data will be used. For SMEs, it is particularly important to note that businesses of all sizes need to be able to prove that consent was given if they want to process any form of personal data. Any small business that processes data for a client firm may also have to demonstrate that they have appropriate data-processing controls in place that comply with GDPR.

What does it mean for large organisations?

Whilst GDPR affects businesses of all sizes, large organisations need to consider key areas of the new legislation, such as: reconsent; double opt-in; ensuring existing data is compliant as well as new; using data across European borders; and the new Data Protection Act. These are areas that will receive clarification in the coming months, before GDPR is instated.

What is the Data Protection Bill and how does it relate to GDPR?

The Data Protection Bill seeks to apply GDPR to all of those areas excluded under the GDPR, creating one regime across the board. It also aims to ‘Brexit-proof’ GDPR so that after Britain withdraws from the European Union, GDPR will still work under UK law. However, it is currently unclear when the DPA will come into force, as it requires an order by the appropriate Secretary of State.

In what instances does a Data Protection Officer (DPO) need to be appointed?

A Data Protection Officer must be appointed to a business in the case of an organisation being either: a public authority; or engaging in large scale systematic monitoring or processing of sensitive data.

Articles and Insights

GDPR – the marketing opportunity

With potential fines for non-compliance on the horizon, GDPR needs to be responded to quickly and with diligence, but marketers should also recognise the positive side of the new legislation.
Top five tips to prepare for GDPR

In today’s consumer-centric world, handling customer data is a business-critical issue for organisations. After GDPR, it will also become a legal imperative.
7 GDPR tips marketers need to know

Brand leaders Force24 provide seven GDPR tips for marketers, encouraging a ‘don’t panic, but act now’ approach from business leaders across the industry to ensure GDPR compliance come May 2018.
Practical Insights: What marketers need to know about GDPR

This webinar with CIM course director Duncan Smith gives an overview of how GDPR will affect business; what marketers must do before it’s in force; and what the marketing landscape will look like post-GDPR.
Challenges and opportunities 2017

In a continued period of data-driven marketing, marketers have the perfect opportunity. GDPR, with the potential fines and negative publicity for those who do not comply, must be a top priority.
GDPR: The impact on marketers and how to prepare

This webinar, featuring data privacy specialists Clayden Law and training providers MeLearning, discusses the impact of the new legislation on marketers, as well as how CIM can help prepare you and your team for the imminent changes.
What does the data protection bill mean for GDPR?

When the UK leaves the EU, GDPR will remain part of the UK legislative landscape – so why has the Government introduced a new draft Data Protection Bill?
The rise & reign of Data Protection Officers

One of the lesser discussed areas of GDPR is one of the crucial mandates in the legislation: the creation of a Data Protection Officer, to enforce compliance and ensure broader corporate accountability.
The FCA and ICO publish joint update on GDPR

The Financial Conduct Authority and the Information Commissioners Office recently published an update on GDPR, and the UK Government have met to discuss the progress of the Data Protection Bill.
New model announced for funding of data protection work

In February, the Government announced a new charging structure for data controllers to ensure the continued funding of the Information Commissioner’s Office (ICO).