Bicester Business Update

Are you GDPR compliant?

One of the hottest topics in the business community at the moment is the imminent arrival of the General Data Protection Regulations, or GDPR.

Certainly, this will have an impact on many businesses, what is being overlooked to a degree is the fact that they will impact on voluntary and community groups as well and to a lesser degree that they are about more than electronically saved or stored data.

What do you need to be doing?  Well here is a basic checklist that will start you off:

  1. Read and understand the Information Commissioner’s Office (ICO) document – Guide to the General Data Protection Regulations (GDPR) that is available online via the website.
  2. Make sure that all those who have responsibility for the use of any data within your business, charity or voluntary group are aware that GDPR is nearly here and that they understand the likely impact.
  3. Appoint an appropriate person as Data Protection Officer, making sure they are familiar with the responsibilities of the role and if you work across borders within the EU determine your lead data protection supervisory authority.
  4. Understand what data of a personal nature you hold, where it came from and who you share it with – this may require a formal audit to be certain.
  5. Your website should already have a privacy notice on it – make sure this is so and it complies with the requirements of GDPR. Existing privacy statements will need to be updated to explain the lawful basis for your processing of personal data under the GDPR
  6. Have in place a process that will take into account all the rights that individuals currently and will have. This should include how you would delete personal data, provide data electronically and which recognised format this would be done in.
  7. There are new timescales in the GDP regulations for responding to requests around someone’s personal data – make sure you update your existing processes to allow for these.
  8. Consent to use personal data has always been required to review how you obtain, record and manage this. It may be necessary for you to re-visit previous consents under an updated GDPR compliant process. Also look at if you need to implement processes to safeguard children by verifying ages and seeking parent/guardian consent.
  9. Be sure that any breaches will be detected and know how you will share this with the affected person(s), the regulatory bodies and then investigate the breach.


If you are in any doubt about your position in relation to GDPR, and before making any changes based upon the above brief suggestions, contact and seek the advice of your own website, social media and IT support suppliers.


We would welcome enquiries to join and help us in being the consistent and constant voice for businesses in the town.


Peter Cox – Chairman Bicester Chamber

Author: Graeme

Bicester Chamber