0800 082 2420 email
0800 082 2420 email

What is GDPR?

What you really need to know without all the hype


Technical Consultant

0800 082 2420


GDPR is the new General Data Protection Regulation and it was setup to provide citizens of the EU and EEA with greater control over their personal data and provide assurances that their information is being securely protected.

Everywhere you turn at the moment people are talking about GDPR, how it is going to ‘devastate’ SME businesses and stories of €20m fines.  But even the Information Commissioner, Elizabeth Denham, head of the organisation responsible for policing the GDPR in the UK is worried about ‘scaremongering’.

At Evaporate our view is simple – GDPR is a good thing.  It will ensure businesses take greater responsibility for the accuracy and security of the data they hold.  It will help to protect businesses and their reputation.

When will the GDPR apply?

GDPR comes into law on the 25th May 2018 and affects every business in the EU.





What is the GDPR made up of?

The GDPR is made up of six core principles which data controllers (you) would be required to demonstrate compliance that personal data will be:

Processed lawfully, fairly and in a transparent manner.

Collected for specific, explicit and legitimate reasons.

Adequate, relevant and limited to what is necessary.

Accurate and, where necessary, kept up to date.

Retained only for as long as necessary.

Processed in an appropriate manner to maintain security.

How does GDPR impact my business?

Under GDPR, any individual that you hold data on has the right to the following:


The right to request access to their data and how their data is used for FREE.

To be forgotten

If they are no longer a customer they have the right for their data to be deleted.

Data portability

The right to have their data transferred from one service provider to another.

Informed consent

They must opt-in for their data to be gathered and consent must be freely given.

Information correction

The right to ensure that all the data you hold is correct and up to date.


They can request for their data not to be processed.


To request that you stop processing their information for direct marketing.

Be notified

In the event of a data breach involving their personal data they must be informed within 72 hours.

What about Brexit – does that mean I don’t need to worry?

Absolutely not.  The new GDPR rules come into place on 25th May 2018 and the earliest the UK will be leaving the EU under Brexit is looking like April 2019. In addition, a new Data Protection Bill is currently going through Parliament which will enshrine many of the GDPR regulations into UK law after Brexit.