4 simple measures to meet your GDPR obligations

No primary category set

In May, a new regulatory system governing spam and other data abuses will come into force with the General Data Protection Regulation (GDPR) which will, for the first time, seek to harmonise rules across all 28, member states. It means anyone who uses business productivity tools or multiple delivery systems such as Wix Shout Out, Mailchimp and Survey Monkey as part of their marketing mix will have to be aware of rules governing spam and much else.

Predictably, there’s been a lot of fear – and fear-mongering – generated by the rules with predictions that they threaten to tie-up small businesses in mountains of red tape, restricting their marketing activities to the point where they’ll be unable to send a simple email.

4 simple measures to meet your GDPR obligations

Ashley Marron, CEO of East Kilbride-based Barvas, a management software tool for small and medium sized businesses reviewed the regulation and in his view, by taking four simple measures, you can meet your obligations without much time and expense.

  1. The first thing you should do is to ensure all your email marketing includes an ‘unsubscribe’ option. While not quite a catch-all solution, this will go a long way to ensuring you comply with the new regulation.

  2. Secondly, you should determine whether your organisation handles personal information as ‘data processor’ or ‘data controller’. The GDPR draws a distinction between the two, recognising that not all businesses and organisations involved in the processing of data have the same responsibility.
    A data controller determines the purposes for which and the manner in which any personal data is processed while the processor processes the data on behalf of the controller.
    Processing can involve anything from obtaining, recording or holding information, organising, adapting or altering it, to retrieval and use of the information including publishing, blocking, erasing or destroying it.
    The interpreting of data – making a professional judgement or significant decision-making in relation to it – must be done by a data controller.

  3. The next thing you should do is to complete the Information Commissioner’s checklist to help identify gaps in your current processes.

  4. Finally, you should conduct an information audit to map data flows in your business or organisation in order to understand how personal information flows through your business processes.

To ensure you comply there is a need to identify the key processes, documenting as needed, and ensure you have an audit trail to prove compliance.

As a seller of online business productivity tools, Barvas have taken a proactive approach to ensure they comply. For their customers, Barvas have included a downloadable template in their software to help demystify the key steps and navigate users through the process.


August 19, 2018 Mountain View / CA / USA - Google logo on one of

Google moves UK user data to the US

Cybersecurity and data privacy protection concept, lock, binary

Do you need to register and pay the Data Protection Fee?


GDPR’s slingshot effect in giving European businesses a competitive advantage


Wasted spend, annoyed users – digital marketing won’t survive in its current form 


eBay User Privacy Notice and User Cookie Notice updated

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars