Page 1 of 1


PostPosted: Wed Apr 04, 2018 11:16 am
by ChrisG
Anyone know anything about the EU General Data Protection Regulation coming in next month, specifically how it applies to a typical small framing operation that only hold names and phone numbers?


PostPosted: Wed Apr 04, 2018 11:35 am
by Chris2103
I went on to the gov website for it and there was a questionnaire to see if you needed to sign up to it. It was quite straightforward to follow. Give that a try


PostPosted: Wed Apr 04, 2018 11:58 am
by David McCormack
Chris2103 wrote:I went on to the gov website

Could you provide a link thanks.


PostPosted: Wed Apr 04, 2018 12:24 pm
by Chris2103

The link is ... ssessment/

I have just been checking with the ICO who believe this is for the existing regs and that to see if registration is needed suggest phoning 0303 123 1113 and selecting the option for registration.


PostPosted: Wed Apr 04, 2018 1:24 pm
by David McCormack
Cheers :D


PostPosted: Wed Apr 04, 2018 1:38 pm
by Tudor Rose
That is a really useful link, thanks for posting that.


PostPosted: Wed Apr 04, 2018 8:13 pm
by pramsay13
Funnily enough I got a call from the BBC Money Box programme asking if I would come on to the show to talk about how it would affect me as a business and the members of our business association.
I had to politely decline as I haven't looked at it yet :oops:


PostPosted: Thu Apr 05, 2018 10:48 am
by JonathanB
My local Chamber of Commerce has run a few sessions on GDPR and the subject seems a little confusing. I think there are two issues here. One is whether as a business you need to be registered with the ICO, and having done the questionnaire helpfully posted by Chris, I'm happy that I don't need to register as I just do a bit of e-mail marketing in connection with my own business.

GDPR is different, and my understanding is that every business, no matter how small, will have to comply from May. This means carrying out an audit of all the information you hold, in any form (not just on computer), and making sure there is a good reason for keeping it. Another main issue is that we will no longer be able to assume that everyone wants to get our marketing e-mails and that an unsubscribe button is enough. You will now need positive consent to marketing activity, so it's 'opt-in' rather than 'opt-out'.

I've just listened to the Radio 4 Money Box programme (available via the website) which is quite helpful. The overall message is that everyone's confused, but that those who take the issue on board and try and put measures in place are likely to be supported, while those who stick their head in the sand might have a problem.

Bottom line is that I don't think it's going away, and if you want to know more I would suggest that the ICO website is really confusing and wordy and would instead listen to the programme and then look at the FSB website which has videos, checklists and lots of other information.



PostPosted: Thu Apr 05, 2018 1:49 pm
by Steve N
This could be a good way of stopping unwanted marketing emails then, just report them after the end of May, all these marketing email companies should be contacting you to see if you still want to receive these emails, in effect you asking you to 'opt in' to keep getting them.


PostPosted: Thu Apr 05, 2018 9:50 pm
by John
Here's "What You Need To Know" and an interesting discussion on the subject


PostPosted: Fri Apr 06, 2018 2:05 pm
by poliopete
John, thank you for that :D

I found the discussion very interesting, so much so it's stored on my Favourites Bar for future reference.



PostPosted: Sun Apr 08, 2018 10:29 am
by drpeej
I used to be registered with the ICO but I recently rang them for advice and they told me that because I only hold customer records on an invoicing system I can deregister.

Now this GDPR thing has come along and I don't know where I stand. I am a one man band keeping paper records in a notebook of orders and invoicing using a standard accounting package. I do no email marketing. I have read loads of stuff on the web about GDPR but the more I read, the more confused I get.

Do I really have to destroy old records? What happens then when a customer comes back for a frame the same as he had last year? How will HMRC react to me not keeping invoice and order records?

It seems that all the advice online applies to large organisations who use data for marketing purposes but everything I read says EVERY business however small will need a GDPR policy.

I can see the point of the rules but I think it is a sledgehammer to crack a nut. One thing I am sure of - it will not stop unscrupulous organisations finding a way round the rules.


PostPosted: Sun Apr 08, 2018 6:34 pm
by JonathanB
Peter -
This is not an expert opinion, but I've not seen anything that suggests that you need to get rid of anything that you need to keep for a legitimate business reason. The new regulations mean that you only have to delete records that you have no good reason for keeping. I have no intention of destroying old invoices for the same reason as you do and the only proviso seems to be that they need to be kept safely. HMRC is different as I believe you still have to keep relevant records for six years, I believe.


PostPosted: Sun Apr 08, 2018 8:53 pm
by drpeej
I agree and this is my approach too. However the official guidance is ridiculously scary and lacks any common sense IMHO


PostPosted: Wed Apr 11, 2018 10:01 am
by Ian Kenny Framing
The Guild's new Professional Advice provider has compiled a checklist of what's required. You can find it if you follow this link : ... -1078.aspx