BLOG 3rd July 2017

Save the Data – GDPR Compliance

We recently hosted a free session detailing how arts, culture, and heritage organisations can get ready for new data protection regulations. Here is a quick and easy guide to what you need to know to get started.

What is it?

GDPR (General DATA Protection Regulation) comes into force on 25th May 2018.

  • Enhanced personal privacy – more rights for your customer or visitor.
  • Organisations will have to have more defined processes in place for dealing with data.
  • You must be more transparent as to why and how you use personal data.
  • All staff need to be up to speed on the new regulations.
  • Financial Penalties can be imposed for breaches.

How does it affect my Organisation?

If your organisation collects or stores any type of personal data from people in the EU – you will need to comply with GDPR. This could include email addresses, names, contact details, addresses etc.

If you don’t comply – there can be financial penalties.

However, there are some positives – being compliant shows your audience that you are a trustworthy organisation that respects their privacy and personal information.

Where do I go from here?


Take stock of what information you have already, where it is stored, and what processes you have for data protection already. Who is responsible for data protection in your organisation?


Do you need all of the information you collect? –Why collect someone’s date of birth if you never segment marketing by age or offer a birthday discount?

Could you store it all in one place? This makes it easier to fully delete information once it is no longer needed.


Ensure passwords and protection are in place – Password protect documents and databases which hold personal data. Ensure that the password for this is kept elsewhere. If sending this document via email, send the password in a different method e.g. text or in person.


Let your audience know why you are collecting their data, and what you will do with it.

Note: This is intended to provide an overview of GDPR and is not a definitive statement of the law.

For a definitive guide, check out the Information Commisioner’s Office website.

Claire Rose Headshot

Claire Rose Canavan

Client Relationships Executive

Understand your audience, develop your strategy today.


Fresh ideas for building your audience straight to your inbox.

Please enter your full email address