Big Data
August 27, 2018
GDPR part-2, the EU strikes back!
January 28, 2019

Well, it seemed to have gone off the boil for a while but it seems to be back!  I recently read an article in the Independent where it’s claimed that small business owners are still ‘clueless’ about data protection rules.  So how big is this lack of awareness time bomb?  Welcome to GDPR part-1!

According to a ‘poll’ of 1,000 small businesses there appears to be confusion on what they should or should not be doing.  I’m not professing to be an expert in this area however I do have some understanding.  As a result, I’m going to be lazy and decipher the article into meaningful chunks. I hope it might make us, including myself, a bit more aware of the regulation.  For any expert(s), please feel free to interject!

So, 50% of SME’s are confused by the rules behind data protection and privacy.  There’s tons of guides, tips and checklists out there but for simplicity, I’m going to try and bring down the 50% figure.


Mistakes have been made as a result of this initial confusion. Either no update has been made internally within the business to cater for the changes OR the changes that have been made were incorrect. Both could result in a fine for the business.  I’d highly recommend getting your privacy policy checked and approved by a legal expert, assuming you don’t have an in-house legal team. If only to demonstrate intent that you’ve played your part in ensuring you’re compliant. I’m pretty sure with all the R&D credit hype that’s around these days you might be able to sneak in a web development project including updating your privacy policy and claim it back. If you don’t ask you don’t get.

Getting the correct processes and procedures in place is therefore very important.  As my day job involves me summarising large datasets into smaller, meaningful chunks. I’ve done something similar to my understanding of GDPR.  I have already written a post on this in the past however there’s no harm in reiterating.

  • Capture
  • Storage
  • Usage
  • Destruction


The journey starts with how you actually capture the data in the first place. Here we’re talking about personal data or data which identifies your customer.  If you have a piece of information which can identify your customer e.g. name, then you need to be aware that GDPR directly affects you now.  How you obtain that personal data is now under scrutiny. You need to ensure any data you capture has been provided with full consent given. Yes, there’s other criteria aside from consent such as legitimate interest but let’s stop being lazy shall we? Let’s make it crystal clear to the customer what we’re capturing and what we’re going to use it for.  More importantly let’s make it clear to the customer that if they don’t agree, they don’t have to provide this information.

To be continued…

Contact us now to find out more at

Copyright Pulse Media Group Ltd 2020

Leave a Reply

Your email address will not be published. Required fields are marked *