What do you Creative Agencies need to know for GDPR?
From the 25th May 2018 the General Data Protection Regulation will come into force across all the EU member states, currently 28 as follows:

Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

Clearly the UK will still be a member and therefore affected in the same way by this EU law that replaces the Data Protection Act which has been around for 20 years, but now the regulation comes with the full power of the EU courts making it a legal requirement for all companies to adhere to the regulations, or face some heavy fines up to €20 million or 4% of a company’s global annual income (whichever is the larger amount).

Even after the UK officially exists the EU the same legislation will largely apply on the basis that many companies are still trading or performing some function in Europe and therefore still liable based on this regulation, and this has been confirmed as extending out globally to any company in any country processing European citizen data.

We have heard a lot of cynical views around GDPR, especially the comment “it will never happen to me”. Well, we thought it might be worth reminding you who might blow the whistle on you to the ICO.

EU Citizens – Any EU citizen that believes they have not given you permission or had notification is at liberty to do this.

On Thursday 2nd November 2017 we hosted our first 'GDPR Breakfast Briefing' event, inside our office in Bromsgrove. Our Breakfast briefings are simply a training and development event scheduled for the morning period.
"I'm more confident in what I need to do next"
GDPR if you don't already know stands for 'General Data Protection Regulation', which is going to supersede the current 'Data Protection Act 1998. GDPR been a regulation since May 2016 but will start to be enforced from the 25th May 2018.

The event was led by our consultant Steve McGowan, who has been studying the subject heavily since it's announcement.

GDPR becomes enforceable from the 25th May 2018, that's a fact. However, after discussing the topic with both end users and channel partners we've received an interesting range of responses about the forthcoming legislation. So we thought based on the feedback received, it would be useful to share these Myth’s versus Fact’s as follows:
Myth 1: The regulators want to see you fail
Fact: One of the aims for breach notification laws such as GDPR is to push companies to step up their ability to detect breaches and to mitigate the negative impacts effectively.

Our 'Consulting Partner', Karl Fontanari had the opportunity of discussing the General Data Protection Regulation (GDPR), based on 10 questions, with Professor Jacqui Taylor, who is an acknowledged expert lead for the British Standards Institute (BSI).
1.Why do you think so few companies have started to prepare?
 JT - Number of factors such as this is regulation rather than legislation and is not aligned to a particular sector and therefore has no specific vertical relevance, such as Finance, Health, Etc.

For those wondering the differences between the current 'data protection act' (DPA) and the newest about to be implemented being 'GDPR'. We thought this table may be of benefit to you.

DPA(Data Protection Act 1998)
GDPR (General Data Protection Regulation)

The Data Protection Act was developed to give protection and lay down rules about how data about people can be used.

Are you still holding personal data on tape? You'll soon have to figure a way of removing or transferring this data to a more modern platform. In the event you are requested by a EU citizen to erase, transfer or give back their data. Under GDPR It'll be a legal right of the individual to ask these things.

Data protection legislations in the UK are changing and it will be fully enforced from May 2018. This new legislation being 'General Data Protection Regulation' (GDPR).

The main objective of GDPR is to detail the current and newly enhanced, obligations and responsibilities organisations must follow in order to safe-guard the data of EU citizens.

You may have heard of the ‘cyber essentials’ scheme, which launched in June 2014. If you haven't it’s a government and industry backed scheme to help all organisations protect themselves against common cyber-attacks. In collaboration with Information Assurance for Small and Medium Enterprises (IAMSE) and Information Security Forum (ISF) they have set out basic technical controls for organisations to use which is annually assessed.