GDPR – 6 common questions

Unless you have been on a very long holiday (lucky you if so!), it’s likely that you have heard the term “GDPR” a lot lately.  GDPR stands for General Data Protection Regulation – which comes into effect in 2018 and is likely to change the way we all do business.

We thought we would answer 6 of the most common questions and hopefully this will help prepare you for some of the changes ahead.


GDPR is essentially going to replace the Data Protection Act of 1998 with new legislation for data protection that will be consistent across all of the EU.


The changes officially come in to effect on Friday 25th May 2018.


This depends on how much, and what sort of data you hold.  The new regulations apply to anyone who is in control of, or processing data.  Any personal data should be processed “lawfully” and for a specific purpose. Once this is complete the data should be deleted.

The new rules also state that if you pass data you have collected consent for (we’ll come to this next) to someone else to use on your behalf then you need to be sure they too will be following the new legislation.


One of the main revisions that is being introduced as part of these changes is the way that consent is given by data subjects.  Data controllers must have consent that they are allowed to use individual’s personal data – and keep a record of how and when each individual gave consent.  Upon this consent being given you must also specify how long you intend to keep/store the data provided.

This means no more pre-ticked boxes and no more ‘opt outs’.


The Information Commissioner’s Office (ICO) are recommending that companies appoint a Data Protection Officer, who is responsible for and will act as a point of contact for all GDPR related queries.

You can also review, or create your privacy policy which should outline how you intend to use personal data, how long you’re going to keep it for an how individuals can be removed, or worse complain, plus more!


Yes, lots, probably enough for a series of blog posts!  We haven’t even touched on breaches, access requests, the right to be forgotten or children’s data!

In the short term we would recommend educating your staff on the upcoming changes, reviewing your privacy policy and thinking about a strategy that will help you to get your current data subjects to opt in to future contact after May 2018.

If you have any comments about this post, or any questions you think we may be able to answer please get in touch.


Posted by Jonathan



Merry Christmas from all at Zing Insights

We’re just crossing the Ts and dotting the Is before signing off for the Christmas break – and a much-needed break it is too. What a year it has been… Read more »

Toot the horn – we’re 10!

Today is a day of celebration for us all at Zing – we’ve made it to our 10th anniversary.   Hey, we all know this is an amazing achievement for… Read more »

Healthcare Trends Webinar

This week, Lisa led a webinar in conjunction with Simon Marrett from Ellerton Marketing. The webinar discussed healthcare trends across 2020 and 2021, with research undertaken through use of the… Read more »

It was the best of times. It was the worst of times ….

Published in 1859, Charles Dickens wrote the first line to A Tale of Two Cities more than 150 years ago, but it’s so pertinent to 2020.  Let’s face it, this… Read more »

3 words

What 3 words would you use to describe 2020 so far?  Here’s a few for starters … Unprecedented?  Challenging?  Chaotic?  Scary? Dystopian? Exciting? Uncertain? Tumultuous? Mindful?  Life-changing? Anxious?  The reality… Read more »

When a little insight can be just enough….

Once upon a time, not so very long ago, commissioning an insight project typically meant embarking on a long and often pretty expensive journey.  Projects routinely ran for 8+ weeks… Read more »

Our Clients

We have extensive experience working across a wide range of industry sectors for many leading brands.