The landscape has shifted, yet again, just two and a half years on from the GDPR coming into force. Our 5 questions below can help you easily understand whether you have the right policies in place.

What are the changes?

Brexit happened, the transition period ended (at 11pm on the 31st December 2020), the US Privacy Shield was ruled to be no longer a legal safeguard for data transfers and the electronic Privacy Regulation (ePR) is still not agreed. The UK is under a new regulatory regime – the UKGDPR and an amended version of the Data Protection Act 2018 are the two key regulations for UK marketers now. The PECR is still in place for all electronic marketing and, of course, any marketing within the EU/EEA needs to comply with the EUGDPR

Confused yet? 

Why does it matter?

As marketers we know we need to review where we are now on a regular basis to ensure that our plans are aligned with market needs, customer expectations and the business environment. We need to review where we are with data protection and privacy compliance regularly too. As consumers we tend to agree to the use of our personal data readily to get information or services that we want or need. In organisations, we can sometimes unwittingly do the same!

Are you compliant?

These 5 questions address the main areas of change and give you a good idea whether you are up to speed.

1. You have been transferring individuals’ data to a data processor in the US on a regular basis. You have been relying on their data sharing agreement and Standard Contractual Clauses for this purpose. What do you need to do?

Conduct and document a transfers impact assessment and decide if this provides sufficient safeguards.

2. You market products and services by email to individual consumers in France and store their data in the UK. What Data Protection Laws do you need to comply with?

  • Data Protection Act 2018 - amended
  • UKGDPR and the EUGDPR
  • the Privacy and Electronic Communications (EC Directive) Regulations 2003 Privacy and Electronic, Communications Regulation 2003.

3. You are sending some customer names and addresses to a mailing house to send out a newsletter. What do you need to have in place with the mailing house?

A data processing agreement.

4. You are receiving individuals’ data from Germany. Which Data Protection Law will apply to the transfer?


5. You created a new Privacy Policy for your website ready for May 2018. It hasn’t been updated since. Do you..?

Review it and make any changes needed.

Surprised by any of the answers? Feel there are areas you need to address? The below can help your organisation ensure they're using, storing and sharing their data in the correct way. 

How can we help you?

The ‘Stand up for data protection’ training workshops are directly tailored to your organisation's needs. The sessions will be customised to deliver against your specific requirements. We will do this by consideration of the following:

  • your product or service
  • your market(s) and customers’ or clients’ needs
  • your employees’ needs and expectations
  • how you use personal data for marketing purposes
  • where your organisation operates
  • where your data is held
  • how you process personal data
  • your existing knowledge and current state of compliance
  • your specific concerns

Who can attend

Attendees are likely to be department or function heads in marketing, IT, finance, service, human resources, sales and any other customer facing roles.

Typical content

  • Briefing session
  • Data flow mapping
  • Issue identification
  • Action plan
  • Q&A session

For more information
on how we can help you ensure you're up to speed with the changes to data protection law, please visit our course page.