BLOG 3rd July 2017

GDPR - what is it and where to start

Here is a quick and easy guide to what you need to know to make s

What is it?

GDPR (General Data Protection Regulation) came into force on 25th May 2018. Here's what that means on a practical level:

  • Enhanced personal privacy – more rights for your customer or visitor.
  • Organisations will have to have more defined processes in place for dealing with data.
  • You must be more transparent as to why and how you use personal data.
  • All staff need to be up to speed on GDPR regulations.
  • Financial penalties can be imposed for breaches.

How does it affect my Organisation?

If your organisation collects or stores any type of personal data from people in the EU – you must comply with GDPR. This could include email addresses, names, contact details, addresses etc.

If you don’t comply – there can be financial penalties.

However, there are some positives – being compliant shows your audience that you are a trustworthy organisation that respects their privacy and personal information.

What do I need to do?


Take stock of what information you have already, where it is stored, and what processes you have for data protection already. Who is responsible for data protection in your organisation?


Do you need all of the information you collect? –Why collect someone’s date of birth if you never segment marketing by age or offer a birthday discount?

Could you store it all in one place? This makes it easier to fully delete information once it is no longer needed.


Ensure passwords and protection are in place – Password protect documents and databases which hold personal data. Ensure that the password for this is kept elsewhere. If sending this document via email, send the password in a different method e.g. text or in person.


Let your audience know why you are collecting their data, and what you will do with it.

How do I start?

We've put together a suite of resources to help you get GDPR ready. You can find them at the links below:

GDPR Audit Template

GDPR - legitimate interests vs. consent

GDPR Consent Checklist

Build Your Own Privacy Notice

Get your email marketing ready for GDPR

GDPR Email Marketing Flowchart

GDPR FAQs - answered

Personalised GDPR Support

If you have a question that isn't answered above, you can leave us a comment below and we'll do our best to answer. We’re also offering bespoke GDPR workshops for cultural organisations for £150 + VAT, so please drop Sarah an email if you're interested.

Note: This is intended to provide an overview of GDPR and is not a definitive statement of the law.

For a definitive guide, check out the Information Commissioner’s Office website.

Sarah Blake Knox

Client Programme Coordinator

Related Blog

Understand your audience, develop your strategy today. TALK TO US