Latest News

Getting to grips with GDPR

Getting to Grips with GDPR and what it means for your business

GDPR applies to consumer data, so if your business processes personal or sensitive consumer data, the GDPR will apply to your business.

Most businesses use direct marketing to communicate with customers and prospects, most have a website which gives consumers the option to get in touch by submitting personal data, and most use website analytics to analyse the consumer behaviour. This means that as a business owner, you will almost certainly need to take action to ensure your company complies with new data protection laws which come into effect on 25th May 2018.

If you think leaving the EU will mean the new regulations will be scrapped, you are wrong! Currently EU rules apply, and will do so until we leave the EU. The Government has announced they will enforce similar rules following Brexit.

Some things you are currently doing may therefore need to change as a result of the new General Data Protection Regulations (GDPR). The first task will be to review how your business currently handles data, including where it came from, if you have consent to use it, where it is stored, if it is still needed, where it is going and who you are sharing it with.

There are 8 individual rights outlined by the GDPR and you will need to ensure that your procedures and policies can deliver these rights.

8 Rights Outlined in the GDPR:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. The right not to be subject to automated decision-making, including profiling

Key Actions to Prepare for GDPR

1. Assess current data handling activities including the data source, consent processes, current use of data, longevity of data and third party access. Also check if data is securely stored and delete unnecessary data.

2. Gain more knowledge on GDPR and train your staff to understand the key elements to be assured of compliance now and in the future.

3. Update your Privacy Policy, Cookie Policy, T&Cs, Data Protection Policy, Procedures documents – all need to comply with GDPR.

4. Evaluate and review Consent processes in preparation for GDPR – you must have a positive Opt-In (but there are exceptions, please see below for further details on this.)

5. Accountability – transparency is key, so you will need to provide evidence of compliance and be able to provide information to individuals who request it under the GDPR. Compulsory information may include identity and contact details, the purpose of processing their data, who you share the data with, how the data is protected, retention period of data, be clear on opt-in/opt-in clauses.

6. Consider appointing a DPO (Data Protection Officer) who can be responsible for your data obligations under the GDPR.

What is the penalty for being in breach of the GDPR?

The fines for non-compliance are now much higher and could be as much as 4% of your annual turnover or a maximum of £20 million, whichever is highest, so it is strongly recommended that you start putting things in place to achieve compliance now. Review your current position, tighten up your policies and procedures and protect your business from risk.

The PECR (Privacy and Electronic Communications Regulations) is also to be replaced on 25th May and will become the ePrivacy Regulation and this will outline new regulations for instant and social media messaging services, such as WhatsApp, and voice over internet protocol providers such as Skype, as well as telemarketing, email communications, SMS messages, and the use of cookies.

One of the key changes to the Data Protection law relates to ‘consent’ by the individual to be contacted by the company for marketing purposes.

Consent must be given freely, it must be specific, informed and unambiguous. There must be a positive Opt-In (such as a tick box) that is then documented and can be shown as evidence – this is called ‘Explicit Consent’.

Let’s suppose you are currently sending emails to a prospecting database but you have only given the individuals an Opt-Out option (such as ‘unsubscribe here’), and you hadn’t gained Explicit Consent to send marketing communications to them when you collected their personal data. In this instance, you will be in breach of the regulations. This is termed as ‘Implied Consent’.

By only giving them the option to ‘unsubscribe’ or ‘contact us to opt-out’ you are making an assumption that because the individual has not taken action to request removal from the database, they have given consent. The GDPR states you must have Explicit Consent to avoid the risk of being fined for non-compliance.

Marketing to Existing Customers

For Email and telemarketing, the current PECR legislation states that if you have an existing customer relationship, then a Soft Opt-In is going to be sufficient as long as you are only marketing similar products or services to what the customer originally purchased.

This means if the customer consented to the use of their data on initial contact, you may continue to email them as long as you can show evidence that you gained their consent at the time of data collection.

B2B Email Marketing

The DMA stated in August 2017 ‘direct marketing sent to ‘natural persons working for legal persons’ requires prior consent. For example, emailing would require consent. However, consent would not be required when contacting generic email address such The European Data Protection Supervisor has also echoed this opinion.’

Details of sole traders and partnerships are considered to be personal information, so you will have to gain Explicit Consent through an Opt-In process to mail these people.

Companies that are Ltd, PLC, LLP, LBG or public sector organisations and charities DO NOT need to Opt-In to receive marketing communications, but they must be given an opportunity to Opt-Out.

If you send printed marketing materials by post, you will be pleased to hear that you DO NOT need Explicit Consent from recipients. As long as the brochure, catalogue, letter or promo mailer clearly gives the recipient an option to Opt-Out of receiving future mailings, this will be allowed under the ‘legitimate interests’ of your business.


Your website is your online shop window, so you need to ensure it complies with current data protection legislation too. Assess what information you actually need to collect online and only collect what is relevant and of value to you.

1. You must have Cookie Control in place to give the user the option of giving consent or not consenting to you storing cookie data files on their computer to use for marketing purposes. You need to be transparent about what information you are collecting and what you are going to do with it. This explanation needs to be prominent on your website.

2. You have responsibilities to protect personal information that your website collects and uses. If you are storing personal data on your website you must have an SSL Certificate and host your site on a secure server. Ask your IT supplier for advice on encrypting information and ensure your staff are adequately trained and know how to look after the data properly.

3. If you have an ecommerce site or your site has contact forms, quote forms, enquiry forms where you are collecting personal information such as a name, email address, telephone number or mailing address, and you intend to use this information for marketing purposes, ensure you have Explicit Consent by way of an Opt-In tick box to give them the choice of receiving further marketing communication from you.

4. You must also have a privacy policy and terms of use of your website documentation clearly accessible to user.

You can find further information on and if you are a member of the FSB, there is a lot of information available on GDPR and the Legal Hub provides templates, guidance notes and check lists for members to refer to and use.

Whizz Marketing is totally committed to providing up to date advice, guidance and support to SMEs for online marketing and SEO. If you would like further support to ensure your website and marketing processes comply with the new data protection regulations, please contact Louise on 01252 622129 or email

Enjoyed this Article?

Then get free updates with email marketing tips and strategy advice

    We will not share your email address with third parties. Please check our Privacy Policy for details on how we store and use your data

    Please view our Privacy Policy for full T&CS

    Service Type
    Provider Name
    Whizz Marketing Services,
    31 Elizabeth Drive,Fleet,Hampshire-GU52 6HW,
    Telephone No.01252 622129
    GDPR applies to consumer data so if your business processes personal or sensitive consumer data, the GDPR will apply to your business. Some things you are currently doing may therefore need to change as a result of the new General Data Protection Regulations (GDPR).
    We have been dealing with Louise at Whizz Marketing Services along with the web designer that she kindly recommended we use, we have had nothing but a great experience with Louise from her copywriting to SEO marketing strategies. We are grateful that Louise has been patient with us, ALWAYS delivered what we have asked of her and very quickly too, I am not always the fastest at getting back as I have to check in with two directors before I can make final decisions but again, very patient. I feel Louise completely understood the image we like to portray and the content that she wrote up for our website reflects this. Very happy, will be using Louise for many years to come and will recommend to anybody looking for similar services. Also, recommend the web designer that is recommended by Louise as they work hand in hand with each other perfectly. Brilliant communication, friendly and reliable and local too, so glad we found Whizz!
    Jones Moves
    Jones Moves
    18:03 15 Jun 23
    Louise used her expert SEO skills on our agency website and has increased the traffic and leads that are coming into the business for keywords that we were nowhere to be seen. I also refer Louise to my clients as finally i’ve found someone who not only talks the talk, but walks it too!Highly recommended!
    Nav Singh
    Nav Singh
    08:41 11 Nov 22
    Louise has a friendly, professional and efficient approach and is easy to work with. I don’t have time to manage the marketing of the business, so it’s great to have an agency I can rely on to do what is needed to keep the brand visibility high in Google and manage the social profiles.  The stronger online brand presence we now have has definitely contributed to the growth and success of my business. I wouldn’t hesitate to recommend Whizz Marketing.
    Chris King
    Chris King
    16:20 03 Aug 20
    Whizz Marketing was recommended to us by our graphic designer back in 2016. Louise very quickly understood what we wanted to achieve with the rebranding and new website, and worked well with the web developer and graphic designer to help produce a site that not only looked great and clearly defined our brand and ethos, but using her SEO knowledge, she made sure the site worked to attract the right audience, increasing our brand visibility in Google and driving targeted traffic.Louise has continued to provide dedicated support over the years as and when we have needed it. She has been very flexible in her approach and is very easy to work with. She has done a fantastic job for us and I would not hesitate in recommending Whizz Marketing.
    Matt Cobden
    Matt Cobden
    09:46 22 Jul 20
    Louise has been great with helping to build my new website. Her knowledge is fantastic. Louise is very quick to respond to your emails and phone calls. Highly recommend :)
    Ryan Kaye
    Ryan Kaye
    12:35 05 Jul 18
    Louise at Whizz Marketing has been a great help to us in the re-design of our website and launch of a new marketing and social media strategy. Louise co-ordinated the website design, build and content on our behalf ensuring everything hit the latest SEO requirements. This provided the launch pad for a new blog and social media strategy, which Louise also managed on our behalf. We’re very happy with the new design and our website performance and traffic KPIs are moving in a very positive direction within a matter of weeks
    Adam Bland
    Adam Bland
    08:02 05 Jul 18
    Whizz Marketing have more than met my expectations. I was struggling to get my website to a consistently prominent position on internet searches. They have put that right. They are not pushey, they are fairly priced, get results, and ideal for small local businesses. I run Yoga Mind and Body which is based in Camberley but I want to get good results in each of the three areas in which I teach: Deepcut, Hook and Hartley Wintney. I am now going to get Whizz to work with me on more generic local marketing in anticipation that it will yield more people coming to my yoga classes.Many thanks Louise and your team.Namaste, JohnstonJohnston Lowry Founder / Teacher / Yoga Mind and Body
    Johnston Lowry
    Johnston Lowry
    08:32 09 Nov 17
    We've been delighted with the service Whizz Marketing provided us at The Homemade Brownie Company. Louise brought great technical expertise to the business and was pro-active with her ideas and suggestions. She was always readily available to support and delivered very impressive results in terms of website performance, website traffic and sales conversions. We would not hesitate to recommend her.
    Adam Bland
    Adam Bland
    12:42 04 Aug 17
    Louise at Whizz Marketing has been a god send! Having someone who is honest, trust worthy, efficient and knowledgeable handling all of our SEO requirements has enabled us to concentrate on other aspects of our business. I would highly recommend Whizz Marketing to anyone who wants to see their business thrive online.
    Emma Henderson
    Emma Henderson
    14:51 23 May 17