Think Tank

What is the General Data Protection Regulation (GDPR) and what does it mean for you?

1st February 2018

What is it?

Most of us have heard of the Data Protection Act 1998, but perhaps not so many of us are aware it is due to be replaced by new European legislation in May 2018. The General Data Protection Regulation (GDPR) is being introduced to…

  • Stay up to date with modern technology, which either did not exist or was not in common use when the previous EU Directive was issued in 1995 (such as online shopping and social media);
  • Ensure all European nations apply the same stringent approach to protecting people’s personal information – not all countries take such a strict approach as the UK; and
  • Ensure businesses outside the EEA, but who target the EU marketplace, also follow the rules.

GDPR standardises a wide range of different privacy legislations across the EU into one central set of regulations that will protect users in all member states and the Government has confirmed that it will continue even when we leave the EU.

What does it mean for your business?

The good news is that if your business operates in line with the Data Protection Act 1998 you are most of the way there already. The three biggest changes GDPR brings are…

  • You have to be more transparent about what you do with personal information – generally a short privacy statement will be sufficient, but in some cases client consent may be required;
  • Internal policies and processes must be designed to reduce the risk of personal information getting into the wrong hands, and records of decisions must be kept; and
  • The potential financial penalties for failing to comply will increase drastically.

Whilst the new rules do not come in until May 2018 it is important to know that the rules apply to personal information you already hold, not just information you gather after GDPR goes live. The Information Commissioner’s Office (ICO) has put together some guidance on their website (, including a 12-step guide on how to prepare (

So that’s GDPR, but what are we doing to keep your information safe?

In terms of protecting your information, very little changes as we have always done our upmost to protect it.

We take our responsibility for protecting your information very seriously and whether you are a client or you are on our database to receive event invitations, topical newsletters or our monthly e-updates we value your security. This is why we are now taking additional steps to make sure we capture your marketing preferences so that you will continue to receive information that is important to you.

At Old Mill we never just send out information for the sake of it, we pride ourselves in adding value in all our publications and at our events where we highlight topical issues for businesses and private individuals. We only send you material that we feel would be of interest to you.

What do you need to do?

We will be using a number of touch points throughout the year, as well as at shows and events to collate your marketing preferences. In the meantime if you do not wish to receive our topical newsletters or invitations to our seminars and sociable events please email us at .