Getting ready for GDPR

What is GDPR?

After four years of preparation and debate, the EU Parliament reached their verdict in April 2016 that tougher measures had to be in place to strengthen and unify data protection, encompassing anyone and everyone conducting business and digital business within the European Union. The end result is the GDPR (General Data Protection Regulation), which will come into force in a little over two months time, supplanting the Data Protection Act 1998 to become the most important legislation in data privacy regulation history.

The GDPR was designed with the intention of empowering EU citizens and giving them more control over how their personal data is used. Much has changed since the previous directive was established, and although key principles of data privacy still hold true to the DPA, the GDPR heralds the arrival of changes to the scope of consent as well as tackling data subject rights and accountability, not to mention the introduction of hefty penalties for any non-compliant organisations.

With the deadline date (25th May 2018) fast approaching, now is the time to get prepared for GDPR.

Does the the GDPR apply to my business?

If your organisation is located within the EU and processes or holds the personal data of data subjects then the answer to that question is Yes. Not only that, the GDPR will also apply to “organisations located outside the EU if they offers goods or services to, or monitor the behaviour of, EU data subjects”. Source

What is personal data?

Article 4 of the 261-page GDPR document defines “personal data” as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

In simpler terms, a name, an email address, an IP address, a date of birth or anything that reflects the identity of an individual is considered “personal data” and must therefore be controlled and processed in accordance with the GDPR.

What are the penalties for non-compliance?

The fines to be imposed are not for the faint of heart. Any non-compliant organisation can be fined up to 4% of annual global turnover or  20 million Euros (whichever is greater), making the risk of business insolvency for the most serious infringements a very real prospect. It’s just one of the many reasons why it’s worth getting GDPR-savvy sooner rather than later.

How we’re getting ready for GDPR

We, at GMS, value your privacy, and this is why we’re committed to being GDPR-compliant.

At present, we’re busy evaluating the way in which we handle personal data and how data protection processes can be integrated into our everyday activities. With this, we plan to construct a solid framework of policies and procedures that will ensure total transparency between ourselves and our data subjects when it comes to sensitive information. We would therefore like to take this as an opportunity to assure our customers (and prospective customers) that come 25th May 2018, we will be GDPR-compliant.

If you have any questions about our commitments to GDPR compliance, please feel free to get in touch by emailing Or stay subscribed for progress updates in due course.

This article is not intended to offer advice about GDPR for your business. If you’d like to learn more about how GDPR may affect you, here are some valuable resources: