GDPR Policy

BDP Agency and GDPR.

The Data Protection Act and GDPR Policy Explained

This document sets out the basic principles of the Data Protection Act (DPA) to help readers understand the new legal framework and the General Data Protection Regulation (GDPR Policy), which has been applied in the UK since 25 May 2018. 

The purpose of this document is to provide clients with a manageable, comprehensive explanation of the Data Protection laws and what Business Data Prospects (“We”) require from you as a client and as a data processor.

Important Points To Note

What to expect and when… here is the latest guidance from the Information Commissioners Office (ICO).
Glossary

DM = Direct Marketing

DPA = Data Protection Act 2018

EEA = European Economic Area

EU = European Union

GDPR = General Data Protection Regulation

ICO = Information Commissioner’s Office

PECR = Privacy and Electronic Communications Regulations

Data Controller = the entity that determines the purposes, conditions and manner in which who will process the data

Data Processor = the entity obtaining, recording or holding the information or data or carrying out any operation(s) on the information or data.

Basic Principles of The Data Protection Act

Schedule 1 of the Data Protection Act 2018 outlines the key data protection principles. In summary, personal data must be:

• Processed fairly and lawfully, satisfying at least one condition for processing.
• Obtained for specified, legitimate purposes and not further processed in a way incompatible with those purposes.
• Adequate, relevant, and not excessive in relation to the purposes for which it is processed.
• Accurate and kept up to date; every reasonable step must be taken to ensure that inaccurate data is erased or rectified without delay.
• Retained only for as long as necessary for the purposes it serves.
• Processed in accordance with the rights of data subjects under this Act.
• Protected against unauthorised or unlawful processing, as well as accidental loss, destruction, or damage.
• Not transferred to a country or territory outside the UK unless that country provides adequate protection for the rights and freedoms of the data subjects.

The GDPR introduced additional requirements for transparency and accountability, placing the onus on organizations to demonstrate their compliance with these principles. This shift emphasises the importance of proactive data protection measures and clear communication with data subjects about their rights.

Please see our GDPR Accountability Policy for more information on how we comply with the principles.

Article 5 of The General Data Protection Regulation

Article 5 of the GDPR privacy policy laws now requires that personal data shall be:

(a) processed lawfully, fairly and transparently about individuals;

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

(d) accurate and, where necessary, kept up to date; who must take every reasonable step to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are erased or rectified without delay;

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; who may store personal data for longer periods insofar as who will process the personal data solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the GDPR policy laws to safeguard the rights and freedoms of individuals;

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.

Article 5(2) requires that.

“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

Information Commissioners Office (ICO)

The Data Protection Act 1998 has been replaced by the Data Protection Act 2018, which incorporates the GDPR (General Data Protection Regulation) into UK law. Under this legislation, every data controller (e.g., organization or sole trader) is required to register with the ICO (Information Commissioner’s Office) unless they are exempt. With over 900,000 organizations now registered, Business Data Prospects advises all our clients to register to ensure compliance with this law and protect personal data appropriately.

Awards and Press

Business Data Prospects is an award-winning organisation that has achieved excellent local and national recognition for our business data and strategic marketing services.

Our Community – Giving Back

We believe in supporting our local community and giving back as much as we can for critical research to save lives and investment into and growing entrepreneurial spirit.

Our Family – Putting People First

We consider ourselves to be a family – that goes for our clients as well as our staff. That means we work out what’s best for each client, and we look after you every step of the way.

Facts, Not Fear

GDPR Policy in a Positive Light

Business Data Prospects aims to provide you with genuine advice about the new laws surrounding Business to Business Data Protection.

We struggle to find information on the internet that doesn’t load with fear and also can sometimes become extremely confusing. However, Business Data Prospects will always provide you with reference documents from official channels to support our advice.

Here at Business Data Prospects, in the run-up to the implementation of a GDPR Policy, we were struggling to find information on the internet that did not load with fear, uncertainty and also doubt (FUD) to frighten you about everything or anything to do with the General Data Protection Regulation (GDPR).

Many companies took this opportunity to provide plenty of fear-based articles stating everything from how you are sticking your head in the sand…. To….how they are going to lock you up and throw away the key……countdown clocks to the chilling date in May 2018.

In our opinion, this was an unpleasant practice, and we were receiving daily calls from our clients and prospects, absolutely petrified of their next marketing move.

Please make no mistake; these companies are looking to profit from terrifying their prospects into purchasing something from them. They want to protect your business against this fear, uncertainty, and doubt.

Hopefully, we have provided some insight based on facts. Do not fear to set the record straight. There are some genuinely excellent companies out there that provide training and documentation for you. We aim to provide you with as much information and advice as possible, together with a collection of resources—all this for free, too.

Our GDPR Policy Promise to Our Clients – Business Data Prospects will:

• Keep you up-to-date on relevant information as this is released to us
• Dedicate time to research GDPR information with B2B Data
• Provide you with reference documents from official channels to support advice
• Endeavour to explain GDPR Policy changes in plain English and not use jargon
• Provide our clients with GDPR guidance information in a positive light
• Never create fear or scare you about GDPR
• Never charge our clients for GDPR directive information, as many of our competitors do
• Provide GDPR information without requiring you to sign up with your email
• We will provide GDPR information without requiring you to complete any forms

You can register here – It is a quick and easy online submission, and the costs involved are minimal in most cases.

The ICO offers a data protection self-assessment tool to help organizations assess their compliance with the Data Protection Act 2018 (DPA) and the UK GDPR. This tool provides guidance on key areas of compliance, including data security, data subject rights, and accountability.

It’s a valuable resource for businesses to ensure they meet regulatory requirements. In addition, the ICO’s tool helps organizations comply with the Privacy and Electronic Communications Regulations (PECR), which govern electronic marketing, cookies, and privacy in digital communications.

The Privacy and Electronic Communications Regulations (PECR) work alongside the Data Protection Act 2018 and the UK GDPR, providing individuals with specific privacy rights regarding electronic communications. These regulations cover areas such as marketing calls, emails, texts, and faxes; the use of cookies (and similar technologies); securing communications services; and safeguarding customer privacy related to traffic and location data, itemized billing, caller line identification, and directory listings.

Some PECR rules only apply to organizations that provide public electronic communications networks or services. However, even if you are not a network or service provider, PECR will apply to your organization if you:

• Conduct marketing via phone, email, text, or fax
• Use cookies or similar technology on your website
• Compile or maintain a telephone directory (or a similar public directory).

Please visit the ICO’s website for more information on PECR, how to implement effective policies and procedures, and guidance on audits.

The General Data Protection Regulation (GDPR) came into effect on 25^th May 2018.