Kam Lai

Written by Kam Lai | 

Date: 15th May 2018

A practical guide to GDPR

This article is designed to be a practical, commonsense guide to get you up to speed and GDPR ready. Depending on the complexity of your organisation you may need more help or support in areas.

  1. Define your company activities. Are you a Data Controller, Data Processor or both?
    List out your details for DC and/or DP, also list what services your company provides and what information is needed. List any information that is passed out to third party suppliers.
  2. Log all data that your company has. If possible add the location sourced and the date acquired. Define what data is essential for business use.
  3. Categorise the data. Use the following points to allocate your data
    • – Customer/Client
    • – Contact data (Support helpline or product helpline)
    • – Third party data (non client, associated data like parent/child)
    • – Legal data
    • – Sales/Marketing
    • – Non identifiable data
    • – Transaction/Processing data (eg IP address logs on a website)
  4. Define your marketing activities.
    This involves:

    • – What data is captured
    • – What the data is used for
    • – How users can opt-out of the data
  5. Test the security of your data, and of the location where the data is held. Depending on the scale and sensitivity of the data you may need to use an external provider to audit this for you.
  6. Create a process that allows people to easily get their data. Give users an email address they can use to request, delete or stop processing of their data.
  7. Make sure all your documentation is GDPR ready and ideally uploaded to your website.
    This involves:

    • – Updating your terms and conditions
    • – Cookie policy update
    • – Creating a process for data breach and how you will lock it down
  8. Make your DPO and ICO numbers publicly available. You must put these on your website
  9. Have a GDPR cookie policy that explains why you use cookies and why you need them.

We hope this article gives you some practical tips. It’s worth noting all this is our own thoughts and interpretations and may change as the law becomes clearer and more defined. We’re happy to discuss any points if you want to get in touch.

We apply this technical strategy to all our projects to create great digital products that help you do what you’re good at. Have a look at some of our case studies here


Let's Talk...

If you want to know more about this project or anything else, feel free to get in touch

Field is empty or contains an invalid email


Contact Us




0161 503 1240 0161 503 1240


We are based here

  • Electric Circus
  • 2nd Floor
  • The Bridgeworks
  • 67-69 Bridge Street
  • Manchester
  • M3 3BQ
View on Google Maps

Sign up for our newsletter