Skip to content

The dreaded GDPR dilemma

Ahh May, a time to look forward to blue skies, spring flowers, a royal wedding, two handy bank holidays… and that pesky GDPR deadline!

What is GDPR?

The General Data Protection Regulation (GDPR) is a law created by the European Union in order to protect personal data. From 25 May 2018, people will have more control and rights over the storage/usage of their data. It is something that all UK companies will now be expected to abide by.

GDPR affects many different areas of the business and we are making sure that across marketing, customer, staff and product, we are fully compliant.

There have been many myths, scare tactics and threats of hefty fines floating around over the past year, however, GDPR should be something that can be easily implemented within a small business – and isn’t necessarily as black and white as once thought.

What have Storm considered in preparation for GDPR?

After attending a very informative and helpful talk organised by our friends at Creative Bath, we’ve established some key areas to focus on in preparation:

  1. Appointing somebody within the company to be responsible for GDPR, keeping records of training and evidence of effort to comply.
  2. Determining that we are a Data Processor instead of a Controller.
  3. Performing an audit of the data we currently hold – where did it come from, do we still need it?
  4. Ensuring that all data capture forms on websites (our own and those we build) outline the potential usage of information provided, as well as consent.
  5. Seeking the correct permissions for use of data and ensuring information sent out is relevant.
  6. The ability to unsubscribe easily, deal with requests for personal information, and methods for the permanent erasure of data held.
  7. Considering what our clients are doing with data and ensuring we can effectively advise them as their tech providers.
  8. Ensuring policies are in place for Data Breaches, Data Retention and Handling Staff Data.

How about GDPR and marketing communications?

A worrying sword that has been hanging over many a marketer’s head, we’re sure! The best practice is to ensure you have the correct permissions to contact someone in the first place, but you must also ensure that the messages you are sending out are:

  1. Relevant to the recipient and where they work.
  2. Provide a clear benefit or help to the recipient.
  3. The subject or offering is not in any way misleading.

You must also ensure that a person can unsubscribe or withdraw their information easily and immediately from all future communications if requested.

Are you ready for GDPR?

Overall, the most important part of GDPR is the right to be forgotten. As long as you make sure you are able to deal with data requests from those you hold information on and have appropriate policies in place, GDPR shouldn’t cause you too many headaches along the way.

One of your obligations will be to ensure that your website(s) and platform(s) comply with GDPR, which may mean you need to alter or add functionality – depending on what data you collect and how you use it. As such, we are encouraging all of our clients to give the matter adequate thought.

Should you need any of our development time to make these changes, please feel free to contact us via

If you have any specific worries about GDPR, it is always best to seek legal advice from an expert.

For more general information, visit the official GDPR portal or the Information Commissioner’s Office (ICO).

If you didn’t receive our ‘Opt In’ email to stay in touch with us, it’s not too late! Complete this form to sign up for Storm Updates.