GDPR: 7 business changes you really need to make

September 26, 2017


1. Review what personal data you collect, where it is held, who you share it with, and when it is deleted.  

2. Develop a data strategy.  Consider what data you really need to hold and how long you need it for.  Conduct a risk-assessment as to where the risks of data breach are and what you can do to minimise that risk.  Develop a plan as to how you will deal with a data breach in the future, and how you will assess whether a breach needs to be reported to the ICO.

3. Consider whether you need to appoint a Data Protection Officer.  Even if you are not required to do so, assess whether it will be beneficial to have some nominated individuals to have internal responsibility for data compliance.

4. Update your privacy policy to comply with the additional information requirements of the GDPR, and make sure it is available on your website.

5. Check how you gain consent and update your T&Cs.  Most businesses currently collect marketing data from any individual they deal with who fails to “opt-out” from such contact.  Going forward consent must be “explicit, freely given and informed”.  Your T&Cs should be updated to provide that individuals must opt-in to be added to your database.

6. Cleanse your database.  If you have relied on opt-out or “passive” consent to contact people in the past (e.g. for marketing purposes), you need to get fresh consent from those in your existing database.  Do this sooner rather than later and beat the rush.

7. Educate and train your staff on the GDPR. Make sure your staff know what your internal policies are, who to go to with a data problem, and how they need to deal with requests to be forgotten and subject access requests.



Contact Our Team
Catherine Burke
View Profile
Damian Phillips
View Profile
Fflur Jones
Managing Partner
View Profile
Gareth Wedge
View Profile
Mark Rostron
View Profile
Nick O’Sullivan
View Profile
Owen John
View Profile
Rhodri Lewis
View Profile
Stephen Thompson
View Profile

I have worked with Darwin Gray for a number of years and the level of service, professionalism and timely response is second to none. I would highly recommend Darwin Gray to any business.”

Becs Beslee
Dice FM Ltd

Darwin Gray have provided us with a first-class service for many years now. They really take the time to understand our business and develop relationships which results in advice and support that is contextualised and effective.”

Rebecca Cooper
ACT Training

We have worked with Darwin Gray for several years and have always found their services and advice to be first class.”

Karen Gale
Stepping Stones Group

An extremely professional and sincere company who make time for your queries and understand the need to break down certain facts and information to ensure everything is understood perfectly. I would highly recommend the company to anyone looking for any type of legal advice”

Gwawr Booth
Portal Training Ltd

PSS has worked with Darwin Gray for many years. We have always received an excellent service. Prompt and professional advice and support.”

Ledia Shabani
Property Support Services UK Ltd

We have used several departments within DG recently and we have been very pleased with an effective, efficient and down to earth service. Very happy thus far and I expect that we will continue to use DG.”

Guto Bebb
Farmers’ Union of Wales

Darwin Gray offer us truly superb services. Very professional, quick and services available bilingually which is very important to us, highly recommend.”

Iwan Hywel
Mentrau Iaith Cymru

My “go to” in urgent and time sensitive cases for direction, support and advice. The team are quick to respond to calls or emails for advice and support on all matters. Always explain complex matters in a way a lay person can easily understand.”

Margot Adams
Guarding UK Ltd